CVE-2006-2548
Published 2006-05-23
Priority: P348 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.50% (94.4th percentile)
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| perlpodder | perlpodder | <= 0.4 | — |
| perlpodder | perlpodder | — | — |
| perlpodder | perlpodder | — | — |
| prodder | prodder | <= 0.4 | — |
| prodder | prodder | — | — |
GHSA
GHSA-p3wp-9777-5gw9: Prodder before 0
ghsa_unreviewed·2022-05-01
CVE-2006-2548 [HIGH] CWE-94 GHSA-p3wp-9777-5gw9: Prodder before 0
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
GHSA
GHSA-rx5g-x54m-g5jh: perlpodder before 0
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-2550 [HIGH] GHSA-rx5g-x54m-g5jh: perlpodder before 0
perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548.
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0567.html
http://secunia.com/advisories/20208
http://secunia.com/advisories/20238
http://securityreason.com/securityalert/942
http://sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643
http://www.osvdb.org/25690
http://www.redteam-pentesting.de/advisories/rt-sa-2006-002.php
http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php
http://www.securityfocus.com/archive/1/434712/100/0/threaded
http://www.securityfocus.com/bid/18068
http://www.vupen.com/english/advisories/2006/1905
https://exchange.xforce.ibmcloud.com/vulnerabilities/26568
https://exchange.xforce.ibmcloud.com/vulnerabilities/26575