CVE-2004-1603
MEDIUMcPanel 9.4.1-RELEASE-64 - Arbitrary File Read and Chown via Hard Link Following
Title source: llmDescription
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17780
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109811572123753&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17779
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109811654104208&w=2
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11455
Broken Link, Exploit, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12865
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11449
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
30.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-59
Status
published
Products (1)
cpanel/cpanel
9.4.1
Published
Oct 18, 2004
Tracked Since
Feb 18, 2026