Format String Vulnerability in cgiemail and cgiecho by cPanel
CVE-2017-5613

7.8 HIGH

Key Information:

Vendor
cPanel
CVE Published:
3 March 2017

Summary

A format string vulnerability in the cgiemail and cgiecho components of cPanel allows remote attackers to manipulate the application through crafted template files. By inserting format string specifiers into a template, attackers can execute arbitrary code on the server, potentially compromising the entire system. This vulnerability underscores the need for proper input validation and security measures in web applications.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
