Vendor: cPanel
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote Command Execution
CWE: 78
Product Name: cPanel
Affected Version From: cPanel prior to version 8.6.0
Affected Version To: cPanel version 8.6.0
Patch Exists: No
Related CWE: CVE-2004-0753
CPE: a:cpanel:cpanel
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2004

A potential remote command execution vulnerability in cPanel Application

An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.

Mitigation:

No known mitigation

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9848/info

A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords.

An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.

http://www.example.com:2082/resetpass/?user=|">ls"|
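
A defender-side check for the request pattern described above, added here as an example (not code from cPanel or from the original advisory): it scans access-log lines for `/resetpass` requests whose `user` value, after URL decoding, falls outside an allow-list. The log format, the allow-list and the sample entries are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate account names contain only these characters.
SAFE_USER = re.compile(r"[A-Za-z0-9._-]{1,32}")
# Request line of a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP range); quotes inside the
# request are backslash-escaped, as Apache-style loggers write them.
SAMPLE_LOG = r'''
192.0.2.10 - - [12/Mar/2004:10:01:02 +0000] "GET /resetpass/?user=alice HTTP/1.0" 200 512
192.0.2.44 - - [12/Mar/2004:10:01:09 +0000] "GET /resetpass/?user=|\">ls\"| HTTP/1.0" 200 733
192.0.2.44 - - [12/Mar/2004:10:01:15 +0000] "GET /resetpass/?user=%7C%22%3Els%22%7C HTTP/1.0" 200 733
192.0.2.10 - - [12/Mar/2004:10:02:00 +0000] "GET /frontend/index.html?user=a|b HTTP/1.0" 200 90
this line is not a log entry
'''


def suspicious_resetpass(log_text):
    """Return (client_ip, decoded_user) for each /resetpass request whose
    user parameter does not fully match the allow-list."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue  # blank or malformed entry
        parts = urlsplit(match.group(1))
        if not parts.path.startswith("/resetpass"):
            continue  # only the password-reset script is in scope
        # parse_qs percent-decodes values, so encoded metacharacters are caught too.
        for value in parse_qs(parts.query).get("user", []):
            if not SAFE_USER.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, user in suspicious_resetpass(SAMPLE_LOG):
        print(f"{ip}\tuser={user!r}")
```

The same allow-list test can be applied in a reverse proxy or request filter in front of the affected script, rejecting any `user` value that does not match before it reaches the application.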