CVE-2004-0490 in cPanel

Information

Summary

According to MITRE

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.


Reservation

27/05/2004

Disclosure

18/08/2004

Moderation

Accepted

Entry

VDB-22125

Exploit

Download

EPSS

0.04466

KEV

No

Activities

Very low

Sector

Telecommunication

Sources
