cPanel Remote Privilege Escalation vulnerability

Medium Nessus Network Monitor Plugin ID 4509


The remote host is vulnerable to a remote 'privilege escalation' flaw


The remote host is running cpanel, a web-hosting control panel. The remote version of this software is vulnerable to a flaw wherein users can gain Administrative access. The root of the flaw is in the way that this version of cPanel allows new user accounts to access the root directory. An attacker, exploiting this flaw, would need the ability to authenticate and the ability to create a new user. Successful exploitation would result in the attacker gaining administrative access.


Upgrade to version greater than 11.18.4

See Also

Plugin Details

Severity: Medium

ID: 4509

Family: Web Servers

Published: 2004/08/18

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 6.3

Temporal Score: 6.2


Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:cpanel:cpanel

Reference Information

CVE: CVE-2008-2478

BID: 29277