Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cpanel | Cpanel | 11.18.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30027
- http://www.kb.cert.org/vuls/id/584089US Government Resource
- http://www.rooksecurity.com/blog/?p=7Exploit
- http://www.vupen.com/english/advisories/2008/1401/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42114
- http://secunia.com/advisories/30027
- http://www.kb.cert.org/vuls/id/584089US Government Resource
- http://www.rooksecurity.com/blog/?p=7Exploit
- http://www.vupen.com/english/advisories/2008/1401/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42114
FAQ
What is CVE-2008-2043?
CVE-2008-2043 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/...
How severe is CVE-2008-2043?
CVE-2008-2043 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2043?
Check the references section above for vendor advisories and patch information. Affected products include: Cpanel Cpanel.