CVE-2004-1421

WHM AutoPilot <= 2.4.6.5 - Remote File Inclusion via server_inc Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1421.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in WHM.AutoPilot, including cross-site scripting (XSS), file inclusion, and information disclosure. It provides specific examples of exploitable endpoints and explains the root causes, such as improper handling of the PHP_SELF variable.

Description

Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/43818

This is a technical writeup detailing multiple vulnerabilities in WHM.AutoPilot, including cross-site scripting (XSS), file inclusion, and information disclosure. It provides specific examples of exploitable endpoints and explains the root causes, such as improper handling of the PHP_SELF variable.

Classification
Writeup 95%
Attack Type
Xss | Info Leak | Other
Complexity
Trivial
Reliability
Reliable
Target: WHM.AutoPilot <= 2.4.6.5
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110451997904494&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18699
Patch, Vendor Advisory x_refsource_confirm
http://www.whmautopilot.com/forum/lofiversion/index.php/t6785.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/12695
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1012707
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13673
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110425620105529&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12119

Scores

EPSS 0.0423
EPSS Percentile 89.7%

Details

Status published
Products (3)
whm/whm_autopilot 2.4.5
whm/whm_autopilot 2.4.6
whm/whm_autopilot 2.4.6.5
Published Dec 31, 2004
Tracked Since Feb 18, 2026