CVE-2004-0490
CVE-2004-0490
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/24141unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugzilla.cpanel.net/show_bug.cgi?id=283http://bugzilla.cpanel.net/show_bug.cgi?id=664https://exchange.xforce.ibmcloud.com/vulnerabilities/16239http://www.a-squad.com/audit/explain10.htmlhttp://www.securiteam.com/tools/5TP0N15CUA.htmlhttp://www.securityfocus.com/archive/1/364112http://www.securityfocus.com/bid/10407