HTTP: CPanel 5 guestbook.cgi Command Execution
This signature detects attempts to exploit a known vulnerability in guestbook.cgi that ships with CPanel. CPanel versions 5 and earlier are vulnerable. Attackers can embed special characters in a maliciously crafted request to the host to execute arbitrary commands with user guestbook.cgi privileges.
Extended Description
A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script. This vulnerability has been reported to affect cPanel version 5, previous versions may also be affected.
Affected Products
Cpanel cpanel
Short Name
HTTP:CGI:CPANEL5-GB-EXEC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
5 CPanel Command Execution bid:6882 guestbook.cgi
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cpanel