NVD Vulnerability Detail

CVE-2008-4796

Summary	The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
Summary	La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posiblemente otros productos, permite a atacantes remotos ejecutar comandos arbitrarios a través de metacarácteres shell en URLs https.
Publication Date	Oct. 31, 2008, 5:56 a.m.
Registration Date	Jan. 29, 2021, 1:44 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:snoopy_project:snoopy::::::::		1.2.3
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:a:nagios:nagios::::::::				4.2.2
cpe:2.3:a:wordpress:wordpress::::::::				2.6.3

Related information, measures and tools

No	URL	refsource
1	http://jvn.jp/en/jp/JVN20502807/index.html	cve@mitre.org
2	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html	cve@mitre.org
3	http://secunia.com/advisories/32361	cve@mitre.org
4	http://sourceforge.net/forum/forum.php?forum_id=879959	cve@mitre.org
5	http://www.debian.org/security/2008/dsa-1691	cve@mitre.org
6	http://www.debian.org/security/2009/dsa-1871	cve@mitre.org
7	http://www.openwall.com/lists/oss-security/2008/11/01/1	cve@mitre.org
8	http://www.securityfocus.com/archive/1/496068/100/0/threaded	cve@mitre.org
9	http://www.securityfocus.com/bid/31887	cve@mitre.org
10	http://www.vupen.com/english/advisories/2008/2901	cve@mitre.org
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/46068	cve@mitre.org
12	https://security.gentoo.org/glsa/201702-26	cve@mitre.org
13	https://www.nagios.org/projects/nagios-core/history/4x/	cve@mitre.org
14	http://jvn.jp/en/jp/JVN20502807/index.html	af854a3a-2127-422b-91ae-364da2661108
15	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html	af854a3a-2127-422b-91ae-364da2661108
16	http://secunia.com/advisories/32361	af854a3a-2127-422b-91ae-364da2661108
17	http://sourceforge.net/forum/forum.php?forum_id=879959	af854a3a-2127-422b-91ae-364da2661108
18	http://www.debian.org/security/2008/dsa-1691	af854a3a-2127-422b-91ae-364da2661108
19	http://www.debian.org/security/2009/dsa-1871	af854a3a-2127-422b-91ae-364da2661108
20	http://www.openwall.com/lists/oss-security/2008/11/01/1	af854a3a-2127-422b-91ae-364da2661108
21	http://www.securityfocus.com/archive/1/496068/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
22	http://www.securityfocus.com/bid/31887	af854a3a-2127-422b-91ae-364da2661108
23	http://www.vupen.com/english/advisories/2008/2901	af854a3a-2127-422b-91ae-364da2661108
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/46068	af854a3a-2127-422b-91ae-364da2661108
25	https://security.gentoo.org/glsa/201702-26	af854a3a-2127-422b-91ae-364da2661108
26	https://www.nagios.org/projects/nagios-core/history/4x/	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html