Shared Hosting
Shared HostingKnowledgebase
Portal Home > Knowledgebase > Articles Database > WHMPHP - Arbitrary Command Execution (R911-0070)
WHMPHP - Arbitrary Command Execution (R911-0070)
 |
 |
 |
Posted by Steven, 09-18-2013, 04:18 PM Product Description: WHMPHP is a control panel developed for creating Master Resellers and Resellers. With the Master Reseller privilege, a reseller can resell reseller accounts, control the reseller quotas , assign private name servers, suspend, unsuspend, as well as terminate resellers. Vulnerability Description: There is a flaw within the IP Unblocker (CSF) feature that allows an attacker to manipulate WHMPHP to run commands as root via a normal reseller account under WHM or a master reseller account under cPanel. Proof of Concept: Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date. Impact: We have deemed this vulnerability to be rated as HIGH due to the fact that a normal user can gain an instant root shell. Vulnerable Version: This vulnerability was tested against WHMPHP v6.4 and is believed to exist in all prior versions. Fixed Version: This vulnerability was patched in WHMPHP 6.5. Vendor Contact Timeline: 2013-05-23: Vendor contacted via email. 2013-05-25: Vendor confirms vulnerability. 2013-05-25: Vendor issues update. 2013-09-18: Rack911 issues security advisory.
Posted by Patrick, 09-18-2013, 04:32 PM It should be known that this vulnerability was promptly fixed, however, due to a series of other vulnerabilities not yet patched we opted not to release an advisory until we were confident that everything was secure.
Add to Favourites 
Print this Article
Also Read
