Vendor: cPanel Image Manager
By: Unknown
CVSS: 7.5 (HIGH)
Type: Local File-Include
CWE: 22
Product Name: cPanel Image Manager
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE: a:cpanel:cpanel
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

cPanel Image Manager local file-include vulnerability

The cPanel Image Manager is vulnerable to a local file-include vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts within the context of the webserver process, potentially leading to further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates for cPanel Image Manager. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40622/info

cPanel Image Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process, which may aid in further attacks.

http://www.example.com/frontend/x3/cpanelpro/doconvert.html?target=/etc/
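
For defenders reviewing web server logs, the following added example (not part of the original advisory or of cPanel's code) flags requests to the `doconvert.html` endpoint whose `target` parameter resolves outside an allowed directory. The allowed root `/home`, the relative base `/home/user`, the log format and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cpanelpro/doconvert.html"  # path suffix from the advisory's URL
PARAM = "target"                        # parameter from the advisory's URL
ALLOWED_ROOT = "/home"                  # assumption: valid targets live under /home
RELATIVE_BASE = "/home/user"            # assumption: base used for relative values

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def resolve(value):
    """Undo repeated percent-encoding, then collapse ../ and duplicate slashes."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return posixpath.normpath(posixpath.join(RELATIVE_BASE, value))

def outside_root(value):
    """True when the resolved target leaves ALLOWED_ROOT or carries a NUL byte."""
    resolved = resolve(value)
    inside = resolved == ALLOWED_ROOT or resolved.startswith(ALLOWED_ROOT + "/")
    return "\x00" in resolved or not inside

def scan(lines):
    """Return (line_number, resolved_target) for doconvert requests outside the root."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        uri = urlsplit(match.group(1))
        if not uri.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(uri.query, keep_blank_values=True).get(PARAM, []):
            if outside_root(value):
                findings.append((number, resolve(value)))
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE = [
    '203.0.113.5 - alice [10/Jun/2010:10:00:00 +0000] "GET /frontend/x3/cpanelpro/doconvert.html?target=/home/alice/public_html/img HTTP/1.1" 200 512',
    '203.0.113.9 - bob [10/Jun/2010:10:01:00 +0000] "GET /frontend/x3/cpanelpro/doconvert.html?target=/etc/ HTTP/1.1" 200 2048',
    '203.0.113.9 - bob [10/Jun/2010:10:02:00 +0000] "GET /frontend/x3/cpanelpro/doconvert.html?target=%2Fhome%2Fbob%2F..%2F..%2Fetc HTTP/1.1" 200 2048',
    '203.0.113.7 - carol [10/Jun/2010:10:03:00 +0000] "GET /frontend/x3/index.html?target=/etc/ HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE):
        print(f"line {number}: target resolves to {target}")
```

The same resolve-then-compare check is the shape a server-side fix takes: canonicalize the supplied path first, then reject it unless it stays under the directory the user is permitted to use.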