Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perlpodder | perlpodder | 0.3 |
| prodder | prodder | * |
| perlpodder | perlpodder | 0.2 |
| prodder | prodder | 0.3 |
| perlpodder | perlpodder | * |