PT-2008-3935 · Cpanel · Cpanel

Published: 2008-05-28 · Updated: 2024-08-07 · CVE-2008-2478

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: cPanel versions 11.18.6 and earlier, 11.23.1 and earlier
Description: The issue allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field. The vendor disputes this issue, stating they are unable to reproduce it on multiple servers running different versions of cPanel.
Recommendations: For cPanel versions 11.18.6 and earlier, and 11.23.1 and earlier, consider restricting access to the scripts/wwwacct functionality to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2008-2478

Affected Products: Cpanel