Local File Disclosure and Privilege Escalation in cPanel 9.4.1-RELEASE-64

Local File Disclosure and Privilege Escalation in cPanel 9.4.1-RELEASE-64

CVE-2004-1603 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

Learn more about our User Device Pen Test.