Lucene search

PRIOn knowledge basePRION:CVE-2006-2548

HistoryMay 23, 2006 - 10:06 a.m.

Code injection

2006-05-2310:06:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.532 Medium

EPSS

Percentile

97.6%

JSON

Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.

CPENameOperatorVersion
perlpoddereq0.3
perlpodderle0.4
perlpoddereq0.2
proddereq0.3
prodderle0.4

Name	Operator	Version
perlpodder	eq	0.3
perlpodder	le	0.4
perlpodder	eq	0.2
prodder	eq	0.3
prodder	le	0.4

References

archives.neohapsis.com/archives/fulldisclosure/2006-05/0567.html

secunia.com/advisories/20208

secunia.com/advisories/20238

securityreason.com/securityalert/942

sourceforge.net/project/shownotes.php?release_id=418189&group_id=148643

www.osvdb.org/25690

www.securityfocus.com/archive/1/434712/100/0/threaded

www.securityfocus.com/bid/18068

www.vupen.com/english/advisories/2006/1905

exchange.xforce.ibmcloud.com/vulnerabilities/26568

exchange.xforce.ibmcloud.com/vulnerabilities/26575

www.redteam-pentesting.de/advisories/rt-sa-2006-002.php

www.redteam-pentesting.de/advisories/rt-sa-2006-003.php