PT-2021-17995 · Magpierss · Magpierss

Bl4Ckh4Ck5 · Published 2021-04-02 · Updated 2021-04-08 · CVE-2021-28941

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: MagpieRSS version 0.72
Description: The issue arises from a lack of validation on a curl command in the /extlib/Snoopy.class.inc file. An attacker who sends an https request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page can make the server request any internal page (server-side request forgery).
Recommendations: For MagpieRSS version 0.72, consider disabling the curl command functionality in the /extlib/Snoopy.class.inc file until a patch is available. Restrict access to the /scripts/magpie_debug.php and /scripts/magpie_simple.php pages to minimize the risk of exploitation. Avoid using the https request method in these pages until the issue is resolved.
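The root cause named above is a fetcher that hands a user-supplied URL to curl without checking where it points. The following is an added example of the check such a fetcher should perform before any outbound request; it is not MagpieRSS or Snoopy code, and the hostnames and addresses in the stub resolver are constructed for illustration. It rejects non-http(s) schemes, URLs carrying credentials, and any host that resolves (even partly) to a loopback, private, link-local or otherwise non-public address, including IPv4-mapped IPv6 forms.

```python
"""SSRF guard for outbound feed fetches (added example, not MagpieRSS code).

Assumed design: before a Snoopy-style fetcher passes a URL to curl, the URL
is checked against a scheme allowlist and every address the host resolves
to is rejected if it is not globally routable. Redirect targets must be
passed through the same check before being followed.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table used by stub_resolver so the example runs offline.
# "rebind.example.com" models a host that resolves to both a public and a
# loopback address, which must be rejected as a whole.
CONSTRUCTED_DNS = {
    "feed.example.com": {"93.184.216.34"},
    "rebind.example.com": {"93.184.216.34", "127.0.0.1"},
}


def stub_resolver(host):
    """Offline stand-in for DNS resolution, backed by CONSTRUCTED_DNS."""
    if host not in CONSTRUCTED_DNS:
        raise OSError(f"no such host: {host}")
    return CONSTRUCTED_DNS[host]


def system_resolver(host):
    """Resolve host to the set of IP strings returned by the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def is_public_address(ip_text):
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped first so that
    ::ffff:127.0.0.1 is judged as 127.0.0.1.
    """
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url, resolver=system_resolver):
    """Return (ok, reason). ok is True only if the URL is safe to fetch.

    The resolver parameter exists so callers (and tests) can supply their
    own resolution function; production code would use system_resolver.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    try:
        # Literal IP in the URL: no DNS needed.
        addresses = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addresses:
        return False, "host resolved to no addresses"
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://feed.example.com/rss", "https://127.0.0.1/",
                      "http://169.254.169.254/", "file:///etc/passwd"):
        print(candidate, check_outbound_url(candidate, resolver=stub_resolver))
```

Two points follow from the design. First, the check must apply to every hop, so redirects have to be disabled in the HTTP client (curl's follow-location option off) and re-validated by this function before being followed manually. Second, validating a hostname and then letting curl resolve it again leaves a window for the answer to change; the fetcher should connect to the address it validated, or resolve once and pin that address for the request.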

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-28941

Affected Products

Magpierss