CVE-2004-1422

WHM AutoPilot <2.4.6.5 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1422.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in WHM.AutoPilot, including XSS, file inclusion, and information disclosure. It provides specific examples of exploit paths and root causes, such as improper handling of PHP_SELF and unprotected phpinfo() access.

Description

WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/43818

This is a technical writeup detailing multiple vulnerabilities in WHM.AutoPilot, including XSS, file inclusion, and information disclosure. It provides specific examples of exploit paths and root causes, such as improper handling of PHP_SELF and unprotected phpinfo() access.

Classification
Writeup 90%
Attack Type
Xss | Info Leak | Other
Complexity
Trivial
Reliability
Reliable
Target: WHM.AutoPilot <= 2.4.6.5
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12119
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110451997904494&w=2
Patch, Vendor Advisory x_refsource_confirm
http://www.whmautopilot.com/forum/lofiversion/index.php/t6785.html
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13673
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110425620105529&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18701

Scores

EPSS 0.0789
EPSS Percentile 93.9%

Details

Status published
Products (3)
whm/whm_autopilot 2.4.5
whm/whm_autopilot 2.4.6
whm/whm_autopilot 2.4.6.5
Published Dec 31, 2004
Tracked Since Feb 18, 2026