Arbitrary Code Execution via PATH Manipulation in ChangePassword 0.8

Arbitrary Code Execution via PATH Manipulation in ChangePassword 0.8

CVE-2004-1263 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.

Learn more about our User Device Pen Test.