CVE-2008-2478

cPanel < 11.8.6 and < 11.23.1 - Authenticated Remote Code Execution via Email Address Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2478. PoCs published by Ali Jasbi.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in cPanel by manipulating the email address field during account creation to execute a Perl script that moves a file from a user's directory to the root directory. It demonstrates arbitrary file write capabilities leading to potential remote code execution.

Description

scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ali Jasbi · textwebappsphp

https://www.exploit-db.com/exploits/31807

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in cPanel by manipulating the email address field during account creation to execute a Perl script that moves a file from a user's directory to the root directory. It demonstrates arbitrary file write capabilities leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: cPanel (version unspecified, likely older versions)

Auth required

Prerequisites: Access to create a cPanel account · Ability to upload files to public_html directory

MITRE ATT&CK