Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
cPanel的本地权限提升漏洞
Vulnerability Description
cPanel在用mod_phpsuexec编译Apache 1.3.29和PHP时候不设置--enable-discard-path选项,并导致php去使用SCRIPT_FILENAME变量而不是PATH_TRANSLATED变量来发现和执行脚本。本地用户可以和其他用户一样通过在用户脚本之后引用攻击者脚本的URL执行PHP代码,该漏洞使用用户权限来执行攻击者脚本,该漏洞不同于CVE-2004-0529。
CVSS Information
N/A
Vulnerability Type
N/A