CVE-2004-0490

cPanel 5 < 9 - Local Privilege Escalation

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.

cPanel, cuando se compila Apache 1.3.29 y PHP con la opción mod_phpsuexec, no establece la opción --enable-discard-path, lo que hace que php use la variable SCRIPT_FILENAME para ejecutar un script en lugar de la variable PATH_TRANSLATED, lo que permite a usuarios locales ejecutar código PHP de su elección como otros usuarios mediante una URL que referencia al script del atacante con los privilegios del usuario, una vulnerabilidad distinta de CAN-2004-0529.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-05-24 First Exploit
2004-05-27 CVE Reserved
2004-06-03 CVE Published
2023-03-08 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (8)

URL	Tag	Source
http://bugzilla.cpanel.net/show_bug.cgi?id=283	X_refsource_misc
http://bugzilla.cpanel.net/show_bug.cgi?id=664	X_refsource_confirm
http://www.a-squad.com/audit/explain10.html	X_refsource_misc
http://www.securityfocus.com/archive/1/364112	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/16239	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/24141	2004-05-24
http://www.securityfocus.com/bid/10407	2024-08-08

URL	Date	SRC

URL	Date	SRC
http://www.securiteam.com/tools/5TP0N15CUA.html	2017-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				5.0 Search vendor "Cpanel" for product "Cpanel" and version "5.0"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				5.3 Search vendor "Cpanel" for product "Cpanel" and version "5.3"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				6.0 Search vendor "Cpanel" for product "Cpanel" and version "6.0"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				6.2 Search vendor "Cpanel" for product "Cpanel" and version "6.2"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				6.4 Search vendor "Cpanel" for product "Cpanel" and version "6.4"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				6.4.1 Search vendor "Cpanel" for product "Cpanel" and version "6.4.1"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				6.4.2 Search vendor "Cpanel" for product "Cpanel" and version "6.4.2"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				6.4.2_stable_48 Search vendor "Cpanel" for product "Cpanel" and version "6.4.2_stable_48"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				7.0 Search vendor "Cpanel" for product "Cpanel" and version "7.0"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				8.0 Search vendor "Cpanel" for product "Cpanel" and version "8.0"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				9.0 Search vendor "Cpanel" for product "Cpanel" and version "9.0"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				9.1 Search vendor "Cpanel" for product "Cpanel" and version "9.1"		-		Affected
Cpanel Search vendor "Cpanel"		Cpanel Search vendor "Cpanel" for product "Cpanel"				9.1.0_r85 Search vendor "Cpanel" for product "Cpanel" and version "9.1.0_r85"		-		Affected