Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Jun 16, 2026

CVE-2003-1426

Description

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.

Affected products

CPanel/Cpanel
cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*
CPanel/Openwebmailllm-create
Range: =5.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/6885nvdExploit
archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/11357nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000