Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
BID:22455
Info
Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
| Bugtraq ID: | 22455 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0854 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
cPanel Web Hosting Manager 11.1.0 (build 53) cPanel cPanel 10.9 build 125 |
| Not Vulnerable: |
cPanel cPanel 10.9 build 134 |
Discussion
Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
cPanel Web Hosting Manager is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
UPDATE: Reports vary as to the exact nature of this issue.
Web Hosting Manager 11.1.0 (build 53) and prior versions are vulnerable.
cPanel Web Hosting Manager is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
UPDATE: Reports vary as to the exact nature of this issue.
Web Hosting Manager 11.1.0 (build 53) and prior versions are vulnerable.
Exploit / POC
Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
An attacker can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/example/inc/top.inc.php?rootdir=Evil.txt?
An attacker can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/example/inc/top.inc.php?rootdir=Evil.txt?
Solution / Fix
Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
Solution:
The vendor has released a fix for this vulnerability. Please see the vendor references for more information.
cPanel cPanel 10.9 build 125
Solution:
The vendor has released a fix for this vulnerability. Please see the vendor references for more information.
cPanel cPanel 10.9 build 125
-
cPanel 10.9.0 (build 134) - CURRENT Tree
http://changelog.cpanel.net/
References
Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
References:
References:
- cPanel changelog (cPanel)
- cPanel Homepage (cPanel)
- Re: remote file include in whm (all version) (Tom Walsh)
- remote file include in whm (all version) ([email protected])