[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-0854Date: (C)2007-02-08   (M)2023-12-22


Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/459409/100/0/threaded
http://www.securityfocus.com/archive/1/459449/100/0/threaded
BID-22455
SECUNIA-24097
OSVDB-32043
OSVDB-33240
OSVDB-35750
ADV-2007-0545
cpanel-webhost-objcache-xss(32400)
http://changelog.cpanel.net/index.cgi

CWE    1
CWE-94

© SecPod Technologies