Cloudflare_data.yaml File Deletion Vulnerability
CloudFlare protects your website against DDoS attacks and accelerates it using their content delivery network. Once you use CloudFlare, your website content is delivered directly by CloudFlare's global network. It also blocks threats and limits abusive bots. This helps save your website's bandwidth as well as your server resources.
CloudFlare also provides a cPanel plugin that allows web hosts to integrate CloudFlare into cPanel directly. There was a vulnerability in CloudFlare (cPanel Plugin) v4.5, as follows:
Due to an input validation failure, it is possible for a malicious user to delete the Cloudflare_Data.yaml file belonging to any user on a server running CloudFlare’s cPanel plugin. However, it is not possible to obtain any sensitive data or anything else using this vulnerability.
This vulnerability was tested against CloudFlare (cPanel Plugin) v4.5 and is believed to exist in all prior versions.
This vulnerability was patched in CloudFlare cPanel Plugin v4.7.
As always, this vulnerability was discovered by Rack911 (a server management company). It is highly recommended that you upgrade your CloudFlare cPanel Plugin to v4.7 as soon as possible.