CVE-2004-1421

Name of the Vulnerable Software and Affected Versions: WHM AutoPilot versions 2.4.6.5 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code by modifying the server inc parameter to reference a URL on a remote web server that contains the code. This is possible due to multiple PHP remote file inclusion vulnerabilities in files such as step one.php, step one tables.php, and step two tables.php.

Recommendations: For WHM AutoPilot versions 2.4.6.5 and earlier, consider restricting access to the vulnerable files step one.php, step one tables.php, and step two tables.php to minimize the risk of exploitation. Avoid using the server inc parameter to reference external URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.