|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
cPanel contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the editmsg.html script not properly validating the "emaildir" and "form" variables. If an attacker requests an arbitrary file under the right configuration, it will be displayed.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Technical |
An attacker can only retrieve files in the user's directories with the user's permissions (like File Manager), however this allows file retrieval if the server admin has disabled file manager and command line access.
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
|
|
Products |
|
cPanel
 |
9.1.0-RELEASE 57 |
|
|
|
|
|
Credit |
- Sullo - sullo
 cirt.net - cirt.net
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
