Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-2043
Last Modified 07 Mar 2011 10:08:37
Published 01 May 2008 03:05:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2043

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.

Vulnerable Systems

Application

  • Cpanel 11.18.3

  • Cpanel 11.19.3


References

CERT-VN - VU#584089

VUPEN - ADV-2008-1401

MISC - http://www.rooksecurity.com/blog/?p=7

XF - cpanel-http-csrf(42114)

SECUNIA - 30027


Last Updated: 27 May 2016 10:47:44