
Virtualizor - Privilege Escalation Vulnerability

Started by Kailash, June 25, 2013, 10:50:58 AM



Kailash

Quote
Type: Privilege Escalation
Impact: High
Product: Virtualizor
Website: http://www.virtualizor.com
Vulnerable Version: 2.3.0
Fixed Version: 2.3.1
CVE: -
Date: 2013-06-24
Reported By: http://www.safeornot.net / http://www.rack911.com

Product Description:


Virtualizor is a powerful web based VPS Control Panel. It supports OpenVZ, Xen PV, Xen HVM and Linux KVM virtualization. Admins can create a VPS on the fly by the click of a button. VPS users can start, stop, restart and manage their VPS using a very advanced web based GUI.

Vulnerability Description:

Virtualizor suffers from an SQL injection that allows an attacker to escalate their privileges to gain root access.

Proof of Concept:


Due to the nature of this vulnerability, we will not be releasing an exploit until a later date.

Impact:


We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can obtain root access.

Vulnerable Version:


This vulnerability was tested against Virtualizor v2.3.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was fixed in Virtualizor v2.3.1.
