CVE-2003-1426

2003-12-31T05:00:00
ID CVE-2003-1426
Type cve
Reporter cve@mitre.org
Modified 2017-07-29T01:29:00

Description

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.