CVE-2008-4796

CVE Database · CVE-2008-4796

CVE-2008-4796

· N/AModified

CVSS v3.1

N/A

EPSS

8.98%

Published

Oct 30, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Weaknesses (CWE)

CWE-78

Affected Products (5)

snoopy_project · snoopyvulnerable

debian · debian_linuxvulnerable

nagios · nagios (up to 4.2.2)vulnerable

wordpress · wordpress (up to 2.6.3)vulnerable

References (20)

http://jvn.jp/en/jp/JVN20502807/index.html

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html

Third Party AdvisoryVDB Entry