Description
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
Exploits (1)
References (7)
Core 7
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10407
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16239
Issue Tracking x_refsource_confirm
http://bugzilla.cpanel.net/show_bug.cgi?id=664
Issue Tracking x_refsource_misc
http://bugzilla.cpanel.net/show_bug.cgi?id=283
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/364112
Vendor Advisory x_refsource_misc
http://www.securiteam.com/tools/5TP0N15CUA.html
Various Sources x_refsource_misc
http://www.a-squad.com/audit/explain10.html
Scores
EPSS
0.0514
EPSS Percentile
90.0%
Details
Status
published
Products (13)
cpanel/cpanel
5.0
cpanel/cpanel
5.3
cpanel/cpanel
6.0
cpanel/cpanel
6.2
cpanel/cpanel
6.4
cpanel/cpanel
6.4.1
cpanel/cpanel
6.4.2
cpanel/cpanel
6.4.2_stable_48
cpanel/cpanel
7.0
cpanel/cpanel
8.0
... and 3 more
Published
Aug 18, 2004
Tracked Since
Feb 18, 2026