CVE-2003-1426

2003-12-31T00:00:00
ID CVE-2003-1426
Type cve
Reporter NVD
Modified 2017-07-28T21:29:11

Description

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.