Medium severity5.5NVD Advisory· Published Oct 18, 2004· Updated Apr 16, 2026

CVE-2004-1603

Description

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

Affected products

CPanel/Cpanel
cpe:2.3:a:cpanel:cpanel:9.4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/12865nvdBroken LinkExploitPatchVendor Advisory
www.securityfocus.com/bid/11449nvdBroken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
www.securityfocus.com/bid/11455nvdBroken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/17779nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/17780nvdThird Party AdvisoryVDB Entry
marc.infonvdMailing List
marc.infonvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000