CVE-2008-2478

Опубликовано: 28 мая 2008

Источник: nvd

CVSS2: 8.5

EPSS Низкий

Описание

scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cpanel:cpanel:*:stable:*:*:*:*:*:*

Версия до 11.8.6 (включая)

cpe:2.3:a:cpanel:cpanel:*:current:*:*:*:*:*:*

Версия до 11.23.1 (включая)

EPSS

Процентиль: 90%

0.05505

Низкий

8.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-qp94-gr87-4wq3

github

почти 4 года назад

** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."