cbcvebase.
CVE-2006-2548
published 2006-05-23

CVE-2006-2548: Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url…

PriorityP348high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
8.50%
94.4th percentile
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.

Affected

5 ranges
VendorProductVersion rangeFixed in
perlpodderperlpodder<= 0.4
perlpodderperlpodder
perlpodderperlpodder
prodderprodder<= 0.4
prodderprodder
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.