CVE-2004-0490
published 2004-08-18CVE-2004-0490: cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the…
PriorityP430high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
4.47%
90.3th percentile
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
| cpanel | cpanel | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xw7p-mxv9-wcvh: cPanel, when compiling Apache 1
ghsa_unreviewed·2022-04-29·CVSS 7.2
CVE-2004-0490 [HIGH] GHSA-xw7p-mxv9-wcvh: cPanel, when compiling Apache 1
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
GHSA
GHSA-mhhr-jxg6-vv52: The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1
ghsa_unreviewed·2022-04-29·CVSS 7.2
CVE-2004-0529 [HIGH] GHSA-mhhr-jxg6-vv52: The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
No detection rules found.
No writeups or analysis indexed.
http://bugzilla.cpanel.net/show_bug.cgi?id=283http://bugzilla.cpanel.net/show_bug.cgi?id=664http://www.a-squad.com/audit/explain10.htmlhttp://www.securiteam.com/tools/5TP0N15CUA.htmlhttp://www.securityfocus.com/archive/1/364112http://www.securityfocus.com/bid/10407https://exchange.xforce.ibmcloud.com/vulnerabilities/16239http://bugzilla.cpanel.net/show_bug.cgi?id=283http://bugzilla.cpanel.net/show_bug.cgi?id=664http://www.a-squad.com/audit/explain10.htmlhttp://www.securiteam.com/tools/5TP0N15CUA.htmlhttp://www.securityfocus.com/archive/1/364112http://www.securityfocus.com/bid/10407https://exchange.xforce.ibmcloud.com/vulnerabilities/16239
2004-08-18
Published