cPanel 'cgiemail' Character Injection Vulnerability
Last Update Date: 30 May 2014
Release Date: 28 May 2014
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability was identified in cPanel. A remote user can send spam via the system.
A remote user can inject newline characters via certain parameters to modify email fields and send spam to arbitrary destination addresses via cgiemail.
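The check that a form-to-mail handler needs against the newline injection described above, as an added example that is not cPanel's or cgiemail's own code. The `[name]` placeholder template, the addresses, and the names `fill_template`, `is_rejected` and `HeaderInjectionError` are assumptions made for illustration.

```python
import re

# Constructed sample template: header block, blank line, then body.
TEMPLATE = (
    "To: webmaster@example.org\n"
    "From: [email]\n"
    "Subject: [subject]\n"
    "\n"
    "[message]\n"
)

PLACEHOLDER = re.compile(r"\[([A-Za-z0-9_-]+)\]")
# CR, LF and other characters that some software treats as a line break.
LINE_BREAKS = re.compile(r"[\r\n\x0b\x0c\x85\u2028\u2029]")


class HeaderInjectionError(ValueError):
    """A value destined for a header line contains a line break."""


def fill_template(template, form):
    """Fill [name] placeholders; header values must stay on one line."""
    headers, sep, body = template.partition("\n\n")

    def header_value(match):
        name = match.group(1)
        value = form.get(name, "")
        if LINE_BREAKS.search(value):
            # Reject rather than silently strip, so the caller can refuse
            # and log the request.
            raise HeaderInjectionError("line break in header field %r" % name)
        return value.strip()

    def body_value(match):
        # After the blank line a line break cannot start a new header.
        return form.get(match.group(1), "")

    return (PLACEHOLDER.sub(header_value, headers) + sep
            + PLACEHOLDER.sub(body_value, body))


def is_rejected(form, template=TEMPLATE):
    """True when the submission would have altered the header block."""
    try:
        fill_template(template, form)
    except HeaderInjectionError:
        return True
    return False
```

Multi-line values are still accepted in the body, so ordinary messages pass while any header field carrying a line break is refused.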
Impact
- Remote Code Execution
System / Technologies affected
- Versions prior to 11.40.1.14, 11.42.1.16, 11.43.0.12
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor's advisory is available at:
http://cpanel.net/cpanel-tsr-2014-2004-full-disclosure/
Vulnerability Identifier
Source
Related Link