Description
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by D. Fabian · textremotewindows
https://www.exploit-db.com/exploits/26424
References (17)
Core 17
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22874
Various Sources x_refsource_confirm
https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20316
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2727
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2335
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=375385
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=368750
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17887
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113028858316430&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17455
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/117
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015104
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113062897231412&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17330
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17779
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2202
Scores
EPSS
0.2377
EPSS Percentile
96.0%
Details
CWE
CWE-20
Status
published
Products (1)
snoopy/snoopy
1.2
Published
Oct 27, 2005
Tracked Since
Feb 18, 2026