header-logo
Suggest Exploit
vendor:
cPanel
by:
Unknown
N/A
CVSS
N/A
Privilege Escalation
Unknown
CWE
Product Name: cPanel
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

cPanel Privilege Escalation Vulnerability

cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10407/info

cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server. 

PATH_TRANSLATED=/gone.php
SCRIPT_FILENAME=/usr/local/cpanel/base/frontend/default/phpinfo.php
/usr/bin/php
If the above results in a "No input file specified." message then the system is vulnerable.

Navigation

Suggest Exploit

Services By CQR