Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/0545 | vdb entry vendor advisory |
| http://www.securityfocus.com/archive/1/459449/100/0/threaded | exploit mailing list |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32400 | vdb entry |
| http://osvdb.org/33240 | vdb entry |
| http://changelog.cpanel.net/index.cgi | |
| http://www.securityfocus.com/archive/1/459409/100/0/threaded | mailing list |
| http://www.securityfocus.com/bid/22455 | vdb entry exploit |
| http://osvdb.org/32043 | vdb entry |
| http://secunia.com/advisories/24097 | third party advisory vendor advisory |
| http://osvdb.org/35750 | vdb entry |