CVE-2008-2043

Name of the Vulnerable Software and Affected Versions cPanel versions 11.18.3 through 11.19.3

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary code and perform various administrative actions. Specifically, the vulnerabilities can be exploited through the following API endpoints: "frontend/x2/cron/editcronsimple.html" by manipulating the command1 parameter, "frontend/x2/sql/adddb.html", "frontend/x2/sql/adduser.html", and "frontend/x2/ftp/doaddftp.html".

Recommendations For cPanel versions 11.18.3 through 11.19.3, consider restricting access to the mentioned API endpoints as a temporary workaround until a patch is available. Avoid using the command1 parameter in the "frontend/x2/cron/editcronsimple.html" endpoint until the issue is resolved. Restrict access to the "frontend/x2/sql/adddb.html", "frontend/x2/sql/adduser.html", and "frontend/x2/ftp/doaddftp.html" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.