CVE-2008-2478
published 2008-05-28


Priority: P346, high, 8.5 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 4.21% (89.7th percentile)
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| cpanel | cpanel  | <= 11.8.6     |          |
| cpanel | cpanel  | <= 11.23.1    |          |