Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Perlpodder 任意Shell命令执行漏洞
Vulnerability Description
Perlpodder是用PERL编写的podcatcher脚本,用于自动下载多媒体文件的索引。 Perlpodder实现上存在输入验证漏洞,远程攻击者可能利用此漏洞诱使用户在客户机器上执行任意命令。 当使用perlpodder获取文件索引的时候,perlpodder会从服务器所提供的XML文件获取媒体文件的URL。该URL保存到了$dlset变量中。有两种情况会同system()命令使用这个变量: 第一种用途是同echo记录URL(278行): [...] 277 # add urls to log fi
CVSS Information
N/A
Vulnerability Type
N/A