Remote File Inclusion Vulnerability in cPanel WebHost Manager
CVE-2007-0854

Currently unrated

Key Information:

Vendor

Cpanel
Status
Webhost Manager
Vendor
CVE Published:
8 February 2007

What is CVE-2007-0854?

A remote file inclusion vulnerability exists in the scripts2/objcache component of cPanel's WebHost Manager (WHM). This flaw allows attackers to execute arbitrary code by injecting a malicious URL into the obj parameter. Although some experts argue that the contents aren't parsed, the vulnerability can still lead to file overwrites in the /var/cpanel/objcache directory or result in rendering unintended web page content, posing a significant security threat for users running affected versions.

References

http://www.vupen.com/english/advisories/2007/0545
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/459449/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/32400
vdb-entryx_refsource_XF

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.