PT-2006-3494 · Gnu · Wget
Published 2006-05-23 · Updated 2018-10-18 · CVE-2006-2548
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Prodder versions prior to 0.5
perlpodder versions prior to 0.5
Description
The issue allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, specifically in the url attribute of an enclosure tag, or the $enc url variable. This code is executed when running wget.
Recommendations
For Prodder versions prior to 0.5, update to version 0.5 or later to resolve the issue.
For perlpodder versions prior to 0.5, update to version 0.5 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the wget command with untrusted URLs until a patch is available.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Wget
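The Description above turns on a feed-supplied enclosure URL reaching wget through a shell. The following is an added example, not code from Prodder, perlpodder or this advisory: it reads enclosure url attributes from a feed, applies an allowlist, and builds an argument vector that is meant to be run without a shell. The function names, the sample feed and the character allowlist (stricter than RFC 3986) are assumptions made for illustration, and Python is used here rather than the affected projects' own language.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed feed. The second url carries a shell metacharacter (";") and a
# space; the third starts with "-" so wget would read it as an option.
SAMPLE_FEED = """<rss version="2.0"><channel>
<item><enclosure url="http://podcast.example/ep1.mp3" type="audio/mpeg"/></item>
<item><enclosure url="http://podcast.example/ep2.mp3;echo constructed" type="audio/mpeg"/></item>
<item><enclosure url="--output-document=/tmp/constructed" type="audio/mpeg"/></item>
</channel></rss>"""

# Assumed policy: a conservative allowlist, so ; $ ` ' " ( ) | < > and
# whitespace are all rejected even though some are legal in URLs.
SAFE_URL = re.compile(r"[A-Za-z0-9._~:/?#@!&=+,%-]+")

def enclosure_urls(feed_xml):
    """Return every enclosure url attribute in the feed, unmodified."""
    root = ET.fromstring(feed_xml)
    return [e.get("url", "") for e in root.iter("enclosure")]

def is_safe_url(url):
    """Accept only allowlisted characters, http/https, and a real host."""
    if not SAFE_URL.fullmatch(url):
        return False
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def wget_argv(url, dest_dir):
    """Build an argv list for subprocess.run(argv), i.e. with no shell."""
    if not is_safe_url(url):
        raise ValueError("rejected enclosure url: %r" % url)
    # "--" ends option parsing, so the URL can never be taken as a wget option.
    return ["wget", "-P", dest_dir, "--", url]

def plan_downloads(feed_xml, dest_dir):
    """Split a feed's enclosures into runnable argv lists and rejected urls."""
    accepted, rejected = [], []
    for url in enclosure_urls(feed_xml):
        try:
            accepted.append(wget_argv(url, dest_dir))
        except ValueError:
            rejected.append(url)
    return accepted, rejected
```

Because the URL travels as one element of an argument list, no shell ever parses it; the allowlist is a second layer that also gives a log of rejected enclosure values.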