News

cPanel Security Advisory | Code execution due to faulty file extension dispatching.

Published on July 21st, 2020 cPanel has released a new cPanel security advisory for all public updates. These updates address security concerns with the cPanel & WHM product. This advisory is concerned with code execution due to faulty file extension dispatching in Cpanel and is currently available to all customers via the standard update system.

Aligning to industry best practices and standards of providing the best services to you, we publish security advisories that are designed to provide timely information to all our esteemed customers.

cPanel Security – TSR-2020-0004 Full Disclosure

cPanel and WHM’s cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to the file extension’s handler. 

In a default configuration of cPanel & WHM, this allowed webmail accounts to execute code on the server.

Also read,

How to identify and Prevent Common Security Threats to Your Website

Solution

This issue is resolved in the following builds:
11.88.0.13
11.86.0.24

We at Hostripples always encourage our customers to pursue the best practices of security to keep their systems updated, protected, and patched against recognized vulnerabilities.

Official references and security advisories:

https://news.cpanel.com/cpanel-tsr-2020-0004-full-disclosure/


If you have any queries regarding the patching/updates on Hostripples Networks infrastructure, you may write an email to support@hostripples.com


Amit Jadhav
Amit Jadhav is working in Hostripples since years he is a passionate engineer... He is working as a senior technical support engineer, as it's a responsible position because it's a lifeline to our customers... Moreover he is dealing in troubleshooting server problems and is always ready to assist our customers in technical issues... Hostripples is glad to have Amit Jadhav on the board...

Recent Posts

The Ultimate Showdown: Linux vs Windows for VPS Hosting

As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…

2 weeks ago

Questions to Ask Your Web Hosting Support Team

Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…

2 weeks ago

How to Secure Your WordPress Site in 2025

Welcome to the complete guide to WordPress security best practices in 2024. As technology evolves rapidly, implementing strong security measures…

3 weeks ago

Unlocking the Secrets of Hosting: Essential Questions to Ask Hostripples

Hey, wanted to learn about web hosting? Or do you want to start a new website and need hosting? Questions…

3 weeks ago

DDoS Attacks: What You Need to Know for Protection

In today's digital world, the threat of DDoS attacks has become increasingly prevalent. These types of attacks have the power…

1 month ago