Categories: cPanelSecurity

cPanel team releases security patches for 20 critical vulnerabilities

 

 

The cPanel security team has identified several security concerns in their control panel software. They have released patches to address all these security concerns with the cPanel and WHM product.  This patch addresses 20 vulnerabilities in cPanel & WHM software versions 11.54, 11.52, 11.50, and 11.48. The patches include following vulnerability fix

  1. Arbitrary code execution via unsafe @INC path.
  2. SQL injection vulnerability in bin/horde_update_usernames.
  3. Arbitrary code execution vulnerability during locale duplication.
  4. Password hashes revealed by bin/mkvhostspasswd script.
  5. Limited arbitrary file read in bin/setup_global_spam_filter.pl.
  6. Code execution as shared users via JSON-API.
  7. Password hash revealed by chcpass script.
  8. Arbitrary file overwrite in scripts/check_system_storable.
  9. Arbitrary file chown/chmod during Roundcube database conversions.
  10. Arbitrary file read and write via scripts/fixmailboxpath.
  11. Arbitrary file overwrite in scripts/quotacheck.
  12. Limited arbitrary file chmod in scripts/secureit.
  13. Arbitrary code execution via scripts/synccpaddonswithsqlhost.
  14. Self-XSS in WHM PHP Configuration editor interface.
  15. Missing ACL enforcement in AppConfig subsystem.
  16. Stored XSS in WHM Feature Manager interface.
  17. Self-XSS in X3 Entropy Banner interface.
  18. Unauthenticated arbitrary code execution via cpsrvd.

For more details regarding this announcement, please check the following article:

https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-announcement.520741/

 

To update the cPanel to latest  version  follow below steps :

Login to server via Shell  and run below command in screen .

#/scripts/upcp –force

 

Stay Secure!

Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.
View all posts
Tags: cpanel bugcpanel vulnerabilitieswhm vulnerabilities
10 years ago
Leave a Comment

Recent Posts

Designing a Christmas Website: Creative Ideas & Best Practices

With vibrant colors, cheerful graphics, and a sprinkle of festive magic, your website can instantly create an emotional connection and…

2 days ago

Meet Sora: The Game-Changing AI Video Model from ChatGPT

The world of artificial intelligence is evolving faster than ever — and one of the biggest breakthroughs is here. Sora,…

1 week ago

How to Design a Website for Black Friday 2025 (Complete Guide)

Black Friday 2025 is here — the biggest shopping moment of the year, where customers expect unbeatable prices, fast performance,…

3 weeks ago

301 Redirects for WordPress: What, Why & How (SEO Best Practices)

When you move or delete a page on your WordPress website, visitors — and search engines — can easily hit…

4 weeks ago

Meet Perplexity: AI That Thinks Like a Researcher

Introduction Artificial Intelligence has made remarkable strides — from writing poetry to generating code. Yet, most AIs still act like…

1 month ago

Resources