Remote File Inclusion Vulnerability in cPanel WebHost Manager
CVE-2007-0854

Currently unrated

Key Information:

Vendor: Cpanel
Status: Webhost Manager
Vendor: CVE Published:; 8 February 2007

Summary

A remote file inclusion vulnerability exists in the scripts2/objcache component of cPanel's WebHost Manager (WHM). This flaw allows attackers to execute arbitrary code by injecting a malicious URL into the obj parameter. Although some experts argue that the contents aren't parsed, the vulnerability can still lead to file overwrites in the /var/cpanel/objcache directory or result in rendering unintended web page content, posing a significant security threat for users running affected versions.

References

http://www.vupen.com/english/advisories/2007/0545

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/archive/1/459449/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/32400

vdb-entryx_refsource_XF

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 8, 2007
Vulnerability Reserved
Feb 8, 2007