Skip to main content

cPanel 'cgiemail' Character Injection Vulnerability

Last Update Date: 30 May 2014 Release Date: 28 May 2014 3922 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability was identified in cPanel. A remote user can send SPAM via the system.

 

A remote user can inject newline characters via certain parameters to modify email fields and send SPAM to arbitrary destination addresses via cgiemail.


Impact

  • Remote Code Execution

System / Technologies affected

  • Versions prior to 11.40.1.14, 11.42.1.16, 11.43.0.12

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link