Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. Additional information can be found at:
http://secunia.com/advisories/30027/
http://www.frsirt.com/english/advisories/2008/1401
http://blog.cpanel.net/?p39
Publication date: Fri, 02 May 2008 00:05:00 +0000