cPanel unauthenticated Remote Code Execution (CVSSv2 score 10.0 out of 10)

https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/

SEC-91

Summary

Unauthenticated arbitrary code execution via cpsrvd.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Description

cPanel & WHM’s internal web server, cpsrvd, did not correctly filter the request URI when processing incoming requests. Due to this, it was possible for an unauthenticated attacker to read arbitrary files and execute arbitrary scripts.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.54.0.4
11.52.2.4
11.50.4.3
11.48.5.2

And some more shit, but this one is very bad. Time to update ASAP, or be rekt...

Thanked by 3jar GM2015 FlamesRunner
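
A version check against the fixed builds listed in the post, as an added example (not part of the original post and not cPanel's own tooling). The function name and result strings are assumptions, and a release branch that does not appear in the quoted list is reported as `unlisted` rather than guessed.

```shell
#!/bin/sh
# Fixed builds quoted in the post above (SEC-91).
FIXED_BUILDS="11.54.0.4 11.52.2.4 11.50.4.3 11.48.5.2"

# check_cpanel_build VERSION   (hypothetical helper name)
# Prints one of: patched, vulnerable, unlisted, invalid.
# Exit status:   0        1           3         2
check_cpanel_build() {
    printf '%s\n' "$1" | awk -F. -v fixed="$FIXED_BUILDS" '
    {
        # Require exactly four numeric fields, e.g. 11.54.0.4
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print "invalid"; exit 2 }
        n = split(fixed, list, " ")
        for (i = 1; i <= n; i++) {
            split(list[i], f, ".")
            # A fixed build only applies to its own release branch (first two fields).
            if ($1 + 0 != f[1] + 0 || $2 + 0 != f[2] + 0) continue
            # Compare the last two fields as numbers, so 5.10 sorts after 5.2.
            if ($3 + 0 > f[3] + 0 || ($3 + 0 == f[3] + 0 && $4 + 0 >= f[4] + 0)) {
                print "patched"; exit 0
            }
            print "vulnerable"; exit 1
        }
        # The quoted list says nothing about this branch; do not guess.
        print "unlisted"; exit 3
    }'
}

# Stand-alone use: sh check.sh 11.52.2.3
if [ $# -gt 0 ]; then
    check_cpanel_build "$1"
fi
```

Pass the version string your server reports as the only argument; the exit status makes the check usable from a fleet-wide inventory loop.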
