OSVDB ID: 4216 Title: cPanel erredit.html Arbitrary File Access |
Info |
|
|
Dates |
||||
|
|
Description |
cPanel contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the erredit.html script not properly validating the "dir" and "file" variables. If an attacker requests an arbitrary file under the right configuration, it will be displayed. |
Classification |
Location:
Remote / Network Access
Attack Type: Input Manipulation Impact: Loss of Confidentiality, Loss of Integrity Exploit: Exploit Public Disclosure: OSVDB Verified OSVDB: Web Related |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. |
Products |
|
References |
|
Credit |
|
cirt.net - cirt.net