cPanel Security Update | Code execution due to faulty file extension dispatching

Table of Contents

Published on July 21st, 2020 cPanel has released a new cPanel security advisory for all public updates. These updates address security concerns with the cPanel & WHM product. This advisory is concerned with code execution due to faulty file extension dispatching in Cpanel and is currently available to all customers via the standard update system.

Aligning to industry best practices and standards of providing the best services to you, we publish security advisories that are designed to provide timely information to all our esteemed customers.

cPanel Security – TSR-2020-0004 Full Disclosure

cPanel and WHM’s cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to the file extension’s handler.

In a default configuration of cPanel & WHM, this allowed webmail accounts to execute code on the server.

Also read,

How to identify and Prevent Common Security Threats to Your Website

Solution

This issue is resolved in the following builds:
11.88.0.13
11.86.0.24

We at Hostripples always encourage our customers to pursue the best practices of security to keep their systems updated, protected, and patched against recognized vulnerabilities.

Official references and security advisories:

https://news.cpanel.com/cpanel-tsr-2020-0004-full-disclosure/

If you have any queries regarding the patching/updates on Hostripples Networks infrastructure, you may write an email to support@hostripples.com

Amit Jadhav

Amit Jadhav is working in Hostripples since years he is a passionate engineer... He is working as a senior technical support engineer, as it's a responsible position because it's a lifeline to our customers... Moreover he is dealing in troubleshooting server problems and is always ready to assist our customers in technical issues... Hostripples is glad to have Amit Jadhav on the board...

No.1 Services of world

I am one of the crazy reseller of hostripples since 4 years , I am the one of who rise maxim ticket and chat conversation with them. No words how they have help me in many ways . Once the server is suspended no company in this world unsuspended before payment get release but they always understand the customers situation and give the maximum gross period.

webtids

Server Performance is Good

I am a web Developer and so I need multiple hosting services as per my client’s requirement ranging from shared hosting services to dedicated servers. Looking at the plans of Hostripples, the pricing was very competitive. I decided to give them a try, I started with their very basic package. As I was Impressed, I decided to try their service with a couple of more sites which went quite well as their support team provides free migration.

WP Design

Supportive and Efficient

I worked with Evelin tonight on solving password issues, turning my account back on and paying my years subscription. She solved problems quickly and guided me successfully through the maze of issues. Evelin was very professional and a pleasure to work with and deserves positive recognition for a job well done.

Mark Wickens

Quick Responsiveness

I have been using Hostripples since 2017. Other than value for money, what actually shines through is their engagement, whether it is to their Support, Sales, and Billing. My recent interaction with Bishop in Support was smooth, 30 minutes, in which I purchased a domain, and then Bishop had it point to the servers, email me, etc. That’s a quick purchase from zero to domain readiness.

Vir Rawlley

Good Technical Support

Good support is given from the company. Technical support team Executive Myra given proper information and supported us for resolving our issue. She is very supporting person. Every client would expect this kind of service from any company from whom they purchase any product especially when it is related to IT.

PG Exports

Highly Recommended

Bishop was very helpful and helped me to set up my second account with Hostripples. I will recommend this company.

Forex and Profits

Really Good Experience

The pricing is really competitive and support team is available 24×7.
I had a really good experience with the support provided by Tilok from support team.

Akash Mahurkar

Amazing Support

I am happy with amazing support and special thanks to Barry who doing great job in support.
thanks.

Subhash chhabra

cPanel Security Advisory | Code execution due to faulty file extension dispatching.

cPanel Security – TSR-2020-0004 Full Disclosure

Amit Jadhav

You May Also Like

Leave a ReplyCancel reply

30 Days Money Back Guarantee

99.99% Uptime Guarantee

24/7 Technical Phone Support

Video Library

cPanel Security – TSR-2020-0004 Full Disclosure

Amit Jadhav

Share this:

You May Also Like

Leave a ReplyCancel reply

30 Days Money Back Guarantee

99.99% Uptime Guarantee

24/7 Technical Phone Support

Video Library

Hostadvice Awards Hostripples Web Hosting