Short Name |
HTTP:CGI:CPANEL5-GB-EXEC |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
CPanel 5 guestbook.cgi Command Execution |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in guestbook.cgi that ships with CPanel. CPanel versions 5 and earlier are vulnerable. Attackers can embed special characters in a maliciously crafted request to the host to execute arbitrary commands with user guestbook.cgi privileges.
A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script. This vulnerability has been reported to affect cPanel version 5, previous versions may also be affected.