Back to search
CVE-2004-0529
Published: Jun 8, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1010411
vdb-entry
x_refsource_SECTRACK
20040605 cPanel mod_php suEXEC Taint Vulnerability
mailing-list
x_refsource_BUGTRAQ
11798
third-party-advisory
x_refsource_SECUNIA
http://bugzilla.cpanel.net/show_bug.cgi?id=668
x_refsource_CONFIRM
10478
vdb-entry
x_refsource_BID
cpanel-suexec-command-execute(16347)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now