Magpierss Project Magpierss vulnerabilities
3 known vulnerabilities affecting magpierss_project/magpierss.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-28940P3CRITICALCVSS 9.8v0.722021-04-02
CVE-2021-28940 [CRITICAL] CWE-116 CVE-2021-28940: Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc fil
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary com
nvd
CVE-2011-0740P4MEDIUMCVSS 4.3PoC≥ 0, < 0.72-10ubuntu1≥ 0, < 0.72-112011-02-02
CVE-2011-0740 [MEDIUM] CVE-2011-0740: Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
osv
CVE-2021-28941P4MEDIUMCVSS 5.3v0.722021-04-02
CVE-2021-28941 [MEDIUM] CWE-918 CVE-2021-28941: Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, w
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.
nvd