| Vulnerability Name: | CVE-2008-4796 (CCN-46068) |
| Assigned: | 2008-10-23 |
| Published: | 2008-10-23 |
| Updated: | 2021-09-30 |
| Summary: | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) |
| | 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
| | 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-78 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2008-4796 |
| | Source: JVN Type: Third Party Advisory, VDB Entry JVN#20502807 |
| | Source: JVNDB Type: Third Party Advisory, VDB Entry JVNDB-2008-000074 |
| | Source: CCN Type: MSA-09-0003 Vulnerability in Snoopy 1.2.3 |
| | Source: CCN Type: SA32361 Snoopy "_httpsrequest()" Shell Command Execution Vulnerability |
| | Source: SECUNIA Type: Third Party Advisory 32361 |
| | Source: CCN Type: Snoopy Web page Snoopy |
| | Source: CONFIRM Type: Broken Link, Patch, Third Party Advisory http://sourceforge.net/forum/forum.php?forum_id=879959 |
| | Source: CCN Type: SourceForge.net: Files Snoopy, File Release Notes and Changelog, Release Name: Snoopy-1.2.4 |
| | Source: CCN Type: Moodle Tracker Web site MDL-17110 |
| | Source: DEBIAN Type: Third Party Advisory DSA-1691 |
| | Source: DEBIAN Type: Third Party Advisory DSA-1871 |
| | Source: DEBIAN Type: DSA-1691 moodle -- several vulnerabilities |
| | Source: DEBIAN Type: DSA-1871 wordpress -- several vulnerabilities |
| | Source: CCN Type: IBM Security Bulletin T1024264 (PowerKVM) Vulnerabilities in nagios affect PowerKVM |
| | Source: CCN Type: IBM Security Bulletin T1026031 (PowerKVM) Vulnerabilities in nagios affect PowerKVM |
| | Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20081101 CVE-2008-4796: snoopy triage |
| | Source: CCN Type: OSVDB ID: 49261 Snoopy _httpsrequest() Function Arbitrary Shell Command Injection |
| | Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ) |
| | Source: BID Type: Patch, Third Party Advisory, VDB Entry 31887 |
| | Source: CCN Type: BID-31887 Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability |
| | Source: CCN Type: USN-791-1 Moodle vulnerabilities |
| | Source: VUPEN Type: Third Party Advisory ADV-2008-2901 |
| | Source: XF Type: Third Party Advisory, VDB Entry snoopy-snoopyclass-command-execution(46068) |
| | Source: XF Type: UNKNOWN snoopy-snoopyclass-command-execution(46068) |
| | Source: GENTOO Type: Third Party Advisory GLSA-201702-26 |
| | Source: CONFIRM Type: Third Party Advisory https://www.nagios.org/projects/nagios-core/history/4x/ |
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1: Denotes that component is vulnerable |