CVE-2021-28940 - OpenCVE

Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Magpierss Project	Magpierss

Configuration 1 [-]

cpe:2.3:a:magpierss_project:magpierss:0.72:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660
https://pastebin.com/kpzHKKJu
https://www.exploit-db.com/exploits/49643

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-02T19:06:19

Updated: 2024-08-03T21:55:12.222Z

Reserved: 2021-03-19T00:00:00

Link: CVE-2021-28940

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-02T20:15:13.317

Modified: 2022-12-13T16:34:17.733

Link: CVE-2021-28940

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-02T22:14:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pastebin.com/kpzHKKJu"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/49643"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28940", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pastebin.com/kpzHKKJu", "refsource": "MISC", "url": "https://pastebin.com/kpzHKKJu"}, {"name": "https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660", "refsource": "MISC", "url": "https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660"}, {"name": "https://www.exploit-db.com/exploits/49643", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49643"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:55:12.222Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pastebin.com/kpzHKKJu"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/49643"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28940", "datePublished": "2021-04-02T19:06:19", "dateReserved": "2021-03-19T00:00:00", "dateUpdated": "2024-08-03T21:55:12.222Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:magpierss_project:magpierss:0.72:*:*:*:*:*:*:*", "matchCriteriaId": "E4771885-767A-4464-A61E-A915411620D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands."}, {"lang": "es", "value": "Debido a un comando exec de escape incorrecto en MagpieRSS en versi\u00f3n 0.72, en el archivo /extlib/Snoopy.class.inc, es posible agregar un comando adicional al binario curl. Esto crea un problema en las p\u00e1ginas /scripts/magpie_debug.php y /scripts/magpie_simple.php que si env\u00eda una URL https espec\u00edfica en el campo URL de RSS, puede ejecutar comandos arbitrarios."}], "id": "CVE-2021-28940", "lastModified": "2022-12-13T16:34:17.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-02T20:15:13.317", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pastebin.com/kpzHKKJu"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49643"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}]}