CVE-2004-0490

Name of the Vulnerable Software and Affected Versions cPanel versions 1.3.29

Description The issue arises when cPanel compiles Apache 1.3.29 and PHP with the mod phpsuexec option, without setting the --enable-discard-path option. This causes PHP to use the SCRIPT FILENAME variable instead of the PATH TRANSLATED variable to find and execute scripts. As a result, local users can execute arbitrary PHP code as other users by referencing the attacker's script after the user's script in a URL, allowing the attacker's script to run with the user's privileges.

Recommendations For cPanel version 1.3.29, consider setting the --enable-discard-path option when compiling Apache and PHP to prevent the misuse of the SCRIPT FILENAME variable. As a temporary workaround, restrict access to the mod phpsuexec option until a proper fix can be applied.