← Back

CVE-2004-1603

nvd nist
Published: Oct 18, 2004Modified: Apr 16, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

Affected (1)

Products: Cpanel: Cpanel
Cpanel
1 product
Cpanel
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Cpanel
Version 9.4.1

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (14)

Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Broken LinkExploitPatchVendor Advisory
Source: cve@mitre.org
Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
Source: cve@mitre.org
Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.