CVE-2004-1603

medium

Description

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

References

Advisories
More

https://exchange.xforce.ibmcloud.com/vulnerabilities/17780

https://exchange.xforce.ibmcloud.com/vulnerabilities/17779

http://marc.info/?l=bugtraq&m=109811654104208&w=2

http://marc.info/?l=bugtraq&m=109811572123753&w=2

Details

Source: Mitre, NVD

Published: 2004-10-18

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N