Back to search
CVE-2008-2478
Published: May 28, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20080518 Cpanel all version >> root access with a reseller account.
mailing-list
x_refsource_BUGTRAQ
20080519 Re: Cpanel all version >> root access with a reseller account.
mailing-list
x_refsource_BUGTRAQ
1020042
vdb-entry
x_refsource_SECTRACK
cpanel-wwwact-privilege-escalation(42529)
vdb-entry
x_refsource_XF
29277
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now