CVE-2017-5613
HIGH
EXPLOITED IN THE WILD
cPanel cgiecho and cgiemail - Remote Code Execution via Format String Specifiers in Template File
Title source: llm
Exploitation Summary
CVE-2017-5613 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95870
Vendor Advisory x_refsource_misc
https://news.cpanel.com/tsr-2017-0001-full-disclosure/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/01/28/8
Scores
CVSS v3
7.8
EPSS
0.0256
EPSS Percentile
83.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2017-06-20
InTheWild.io
2017-04-08
CWE
CWE-134
Status
published
Products (2)
cpanel/cgiecho
cpanel/cgiemail
Published
Mar 03, 2017
Tracked Since
Feb 18, 2026