CVE: CVE-2008-4796

Export to Word

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0073
Percentile: 0.71747

CVSS Scoring

CVSS v2 Score: 10.0

Severity:

Mapped CWE(s)

CWE-78 : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

All CAPEC(s)

CAPEC-108: Command Line Execution through SQL Injection
CAPEC-15: Command Delimiters
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-6: Argument Injection
CAPEC-88: OS Command Injection

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

← Back to Home