CVE-2003-1425
Published 2003-12-31
CVE-2003-1425: guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
Priority P350 | critical | 10 | CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 11.48% (95.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cpanel | cpanel | — | — |
No detection rules found.
Exploit-DB
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (4)
exploitdb·2003-02-19
---
source: https://www.securityfocus.com/bid/6882/info
A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script.
An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script.
This vulnerability has been reported to affect cPanel version 5; previous versions may also be affected.
```perl
#!/usr/bin/perl
#
# ------- start here -------
#
# Bug found by: pokleyzz
#
# Cpanel is a web hosting control panel which allows clients to manage their web accounts through
# a web interface. Most of the applications are written in perl and compil
```
Exploit-DB
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)
exploitdb·2003-02-19
---
source: https://www.securityfocus.com/bid/6882/info
```perl
#!/usr/bin/perl
use LWP::UserAgent;
print "##########################################\n";
print "# #\n";
print "# Remote Exploit for Cpanel 5 #\n";
print "# #\n";
print "##########################################\n";
print " C0d3r: CaMaLeoN\
```
Exploit-DB
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (1)
exploitdb·2003-02-19
---
// source: https://www.securityfocus.com/bid/6882/info
```c
/*
 * DSR-cpanel.c by [email protected]
 * Vulnerability found by Polkeyzz
 *
 * This is a Proof of Concept exploit for
 * the cpanel 5 and below. Problem is an open()
 * in guestbook.cgi.
 *
 * User may view any file or execute commands.
 * There als
```
Exploit-DB
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (3)
exploitdb·2003-02-19
---
source: https://www.securityfocus.com/bid/6882/info
```perl
#####################################################
# cpanel-plus.pl exploit
# Spawn bash style Shell on Apache CPANEL
#
# Spabam 2003 PRIV8 code
#
# [email protected]
# This Script is currently under development
#########################
```
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html
http://www.securityfocus.com/bid/6882
https://exchange.xforce.ibmcloud.com/vulnerabilities/11356