CVE-2004-1420

EIP tracks 1 public exploit for CVE-2004-1420. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in WHM.AutoPilot, including cross-site scripting (XSS), file inclusion, and information disclosure. It provides specific examples of exploit paths and root causes, such as improper handling of the PHP_SELF variable.

Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.