Vulnerability Details : CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
Products affected by CVE-2008-4796
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
- cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:*
Threat overview for CVE-2008-4796
Top countries where our scanners detected CVE-2008-4796
Top open port discovered on systems with this issue: 5555
IPs affected by CVE-2008-4796: 123
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-4796
- 1.12%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4796
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2008-4796
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4796
- http://jvn.jp/en/jp/JVN20502807/index.html
  JVN#20502807 Snoopy command injection vulnerability (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2009/dsa-1871
  [SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities (Third Party Advisory)
- https://www.nagios.org/projects/nagios-core/history/4x/
  Nagios Core 4.x Version History - Nagios (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46068
  Snoopy Snoopy.class.php command execution CVE-2008-4796 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2008/11/01/1
  oss-security - CVE-2008-4796: snoopy triage (Mailing List; Third Party Advisory)
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
  JVNDB-2008-000074 - JVN iPedia - Vulnerability Countermeasure Information Database (Third Party Advisory; VDB Entry)
- http://sourceforge.net/forum/forum.php?forum_id=879959
  Page not found - SourceForge.net (Broken Link; Patch; Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/2901
  Site under construction (Third Party Advisory)
- http://www.securityfocus.com/archive/1/496068/100/0/threaded
  (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2008/dsa-1691
  [SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities (Third Party Advisory)
- https://security.gentoo.org/glsa/201702-26
  Nagios: Multiple vulnerabilities (GLSA 201702-26) — Gentoo security (Third Party Advisory)
- http://www.securityfocus.com/bid/31887
  (Patch; Third Party Advisory; VDB Entry)