8 lines
No EOL
613 B
Text
8 lines
No EOL
613 B
Text
source: http://www.securityfocus.com/bid/10407/info
|
|
|
|
cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server.
|
|
|
|
PATH_TRANSLATED=/gone.php
|
|
SCRIPT_FILENAME=/usr/local/cpanel/base/frontend/default/phpinfo.php
|
|
/usr/bin/php
|
|
If the above results in a "No input file specified." message then the system is vulnerable. |