CVE

Id
32595  
CVE No.
CVE-2008-2478  
Status
Candidate  
Description
** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I"m unable to reproduce such an issue on multiple servers running different versions of cPanel."  
Phase
Assigned (20080528)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
352819 32595 CVE-2008-2478 BUGTRAQ:20080518 Cpanel all version >> root access with a reseller account.  View
352820 32595 CVE-2008-2478 URL:http://www.securityfocus.com/archive/1/archive/1/492223/100/0/threaded  View
352821 32595 CVE-2008-2478 BUGTRAQ:20080519 Re: Cpanel all version >> root access with a reseller account.  View
352822 32595 CVE-2008-2478 URL:http://www.securityfocus.com/archive/1/archive/1/492259/100/0/threaded  View
352823 32595 CVE-2008-2478 BID:29277  View
352824 32595 CVE-2008-2478 URL:http://www.securityfocus.com/bid/29277  View
352825 32595 CVE-2008-2478 SECTRACK:1020042  View
352826 32595 CVE-2008-2478 URL:http://www.securitytracker.com/id?1020042  View
352827 32595 CVE-2008-2478 XF:cpanel-wwwact-privilege-escalation(42529)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49174 JVNDB-2008-004484 insanevisions OneCMS の install_mod.php におけるディレクトリトラバーサルの脆弱性 insanevisions OneCMS の install_mod.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-2482 32595 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004484.html  View