source: http://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are insecure. These settings will reportedly permit a local attacker to execute arbitrary code as any user who possesses a PHP file that is published to the Apache web server. PATH_TRANSLATED=/gone.php SCRIPT_FILENAME=/usr/local/cpanel/base/frontend/default/phpinfo.php /usr/bin/php If the above results in a "No input file specified." message then the system is vulnerable.
Related ExploitsTrying to match CVEs (1): CVE-2004-0490
Trying to match OSVDBs (1): 6418
Other Possible E-DB Search Terms: cPanel 5-9, cPanel