Описание
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
3.3 Low
CVSS2
Дефекты
CWE-16
Связанные уязвимости
github
больше 3 лет назад
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
EPSS
Процентиль: 19%
0.0006
Низкий
3.3 Low
CVSS2
Дефекты
CWE-16