WHMXtra (Reseller UI) - Arbitrary Command Execution Vulnerabilities (R911-0066)

Posted by Patrick, 09-11-2013, 04:01 PM
Product Description: WHMXtra is a unique addon module for cPanel servers, designed to turbo charge your WHM, adding many features you could normally only do via command line or not at all. Our cPanel Xtra Plugin adds even more functionality to your end users' cPanel, saving your techs time and saving you money.

Vulnerability Description: The reseller UI of WHMXtra is vulnerable to 8+ arbitrary command execution exploits that would allow an attacker to escalate their privileges to root access.

Proof of Concept: Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact: We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained.

Vulnerable Version: This vulnerability was tested against WHMXtra Reseller UI G2 v3.5.

Fixed Version: This vulnerability was patched in WHMXtra Reseller UI G2 v3.7.

Vendor Contact Timeline:
2013-08-22: Vendor contacted via email.
2013-08-22: Vendor confirms vulnerability.
2013-08-31: Vendor issues update.
2013-09-11: Rack911 issues security advisory.


