Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 8.5
CVE Id CVE-2008-2478
Last Modified 05 Sep 2008 12:00:00
Published 28 May 2008 11:32:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-2478

Summary

** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."

Vulnerable Systems

Application

  • Cpanel 11.23.1

  • Cpanel 11.8.6


References

XF - cpanel-wwwact-privilege-escalation(42529)

SECTRACK - 1020042

BID - 29277

BUGTRAQ - 20080519 Re: Cpanel all version >> root access with a reseller account.

BUGTRAQ - 20080518 Cpanel all version >> root access with a reseller account.


Last Updated: 27 May 2016 10:47:52