Kloxo Exploit – Zero day exploit


There is an active zero-day Kloxo exploit with no workaround at this moment. If you are using Kloxo, it is recommended that you take the necessary steps to protect your server immediately, until an official patch is released to address this Kloxo exploit.


Many hosting providers have already suspended virtual machines that were using Kloxo. There is an SQL injection vulnerability within Kloxo that allows attackers to gain admin access. Many hosting providers have reported that their clients' Kloxo installations were compromised.

Again, if you are using Kloxo on your server, it is highly recommended that you take the necessary steps to protect your server. You can stop Kloxo via SSH using the following command:

/etc/init.d/kloxo stop
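Stopping the service does not keep it from starting again at the next boot, so the following added example (not part of the original post) stops Kloxo, disables it at boot and checks that the panel ports are closed. It assumes Kloxo's default panel ports 7777 and 7778, a CentOS host where the init script is registered with chkconfig, and the hypothetical file name stop-kloxo.sh.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the panel listens on Kloxo's default ports, 7777 (HTTPS) and 7778 (HTTP).
KLOXO_PORTS="7777 7778"

# Read `netstat -ltn` or `ss -ltn` output on stdin and print each assumed
# Kloxo port that still has a listener (one per line, sorted, no duplicates).
kloxo_listeners() {
    awk -v ports="$KLOXO_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /LISTEN/ {
            for (f = 1; f <= NF; f++) {
                # The first addr:port field is the local address,
                # e.g. 0.0.0.0:7778, :::7777 or [::]:7777.
                if ($f ~ /:[0-9]+$/) {
                    port = $f
                    sub(/.*:/, "", port)
                    if ((port in want) && !(port in seen)) { seen[port] = 1; print port }
                    break
                }
            }
        }
    ' | sort -n
}

# Succeeds only when no assumed Kloxo port is listening in the output on stdin.
kloxo_is_down() {
    [ -z "$(kloxo_listeners)" ]
}

# Stop the panel, keep it from starting at boot, then verify the result.
stop_kloxo() {
    /etc/init.d/kloxo stop   # command from the post
    # Assumption: the init script is registered with chkconfig (CentOS).
    chkconfig kloxo off
    if netstat -ltn | kloxo_is_down; then
        echo "Kloxo panel ports are closed"
    else
        echo "WARNING: Kloxo panel is still listening" >&2
        return 1
    fi
}

# Only touch the system when asked to: sh stop-kloxo.sh --apply
if [ "${1:-}" = "--apply" ]; then
    stop_kloxo
fi
```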

Also, you can subscribe to the WebhostingTalk thread here. There is an ongoing discussion on this Kloxo exploit.


5 Comments

  1. There have been no updates for the last 2 years, so it looks like Kloxo is at a dead end. This is a major vulnerability and I really doubt they will be able to release a patch soon.

  2. Kloxo 6.1.13 was released yesterday to address the following security issues:

    – SQL Injection bug
    – Filemanager bug

    I have not tested it but it was mentioned in their release note.
