cPanel mod_php suexec Privilege Escalation Vulnerability

emeric21

Well-Known Member
Aug 5, 2002
49
0
156
I see that nobody sent that here
The vulnerability can only be used by local user:

Translate from french:
"A local vulnerability was identified in CPANEL, it could be exploited by a user so up his privileges. The problem is at the level of mod_php which uses suexec in a nonprotected way. It is possible to execute a script malicious php with the privileges d'un another users via the variable "PATH_INFO". I ((cached the hack code.)))

* Vulnerable versions *
CPANEL 5.X CPANEL 6.X CPANEL 7.X CPANEL 8.X CPANEL 9.X"

I will sent this to cpanel via my WHM.
 

emeric21

Well-Known Member
Aug 5, 2002
49
0
156
Yeah,
Cpanel tech send me this:

This "vulnerability" had already been resolved. If you are not running the latest version of apache as of April 15th, please run /scripts/easyapache from the root shell.