Code execution due to faulty file extension dispatching - Cpanel
Table of Contents
Published on July 21st, 2020 cPanel has released a new cPanel security advisory for all public updates. These updates address security concerns with the cPanel & WHM product. This advisory is concerned with code execution due to faulty file extension dispatching in Cpanel and is currently available to all customers via the standard update system.
Aligning to industry best practices and standards of providing the best services to you, we publish security advisories that are designed to provide timely information to all our esteemed customers.
cPanel and WHM’s cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to the file extension’s handler.
In a default configuration of cPanel & WHM, this allowed webmail accounts to execute code on the server.
Also read,
How to identify and Prevent Common Security Threats to Your Website
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
We at Hostripples always encourage our customers to pursue the best practices of security to keep their systems updated, protected, and patched against recognized vulnerabilities.
Official references and security advisories:
https://news.cpanel.com/cpanel-tsr-2020-0004-full-disclosure/
If you have any queries regarding the patching/updates on Hostripples Networks infrastructure, you may write an email to support@hostripples.com
Customer support has always been the backbone of the web hosting industry. From helping users set up domains to troubleshooting…
Content is the most vital asset for businesses navigating the digital era. But creating high-quality, engaging content consistently can be…
Welcome to the exciting world of Ollama, a revolutionary open-source tool that's democratizing access to Large Language Models (LLMs). If…
Managing files on your Amazon EC2 instances can often feel like navigating a complex maze, especially when you prefer a…
Welcome to the world of database management with MySQL Workbench! If you're new to databases or looking for a powerful,…