CVE-2004-1770

Опубликовано: 11 мар. 2004

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.

Ссылки

http://marc.info/?l=bugtraq&m=107911581732035&w=2
http://secunia.com/advisories/11124
Exploit
Vendor Advisory
http://www.kb.cert.org/vuls/id/831534
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/9855
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15486
http://marc.info/?l=bugtraq&m=107911581732035&w=2
http://secunia.com/advisories/11124
Exploit
Vendor Advisory
http://www.kb.cert.org/vuls/id/831534
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/9855
Exploit
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15486

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0939

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gmc2-7xvp-vj74

github

больше 3 лет назад