Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3330: Improper Input Validation in Snoopy

Severity: 7.5 HIGH (NVD)
EPSS: 23.8% (top 3.98%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Oct 27
Latest update: May 1

Description

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 2 packages

🔴Vulnerability Details

1
GHSA
GHSA-hf3f-2785-5v5g: The _httpsrequest function in Snoopy 1 (2022-05-01)

💥Exploits & PoCs

1
Exploit-DB
Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution (2005-10-26)

📋Vendor Advisories

1
Debian
CVE-2005-3330: wordpress - The _httpsrequest function in Snoopy 1.2, as used in products such as (1) Magpie... (2005)

💬Community

1
Bugzilla
CVE-2008-7313 CVE-2014-5008 CVE-2014-5009 snoopy: incomplete fixes for command execution flaws (2014-07-21)