Kloxo Exploit – Zero day exploit


There is an active zero-day Kloxo exploit with no workaround at this moment. If you are using Kloxo, it is recommended that you take the necessary steps to protect your server immediately, until an official patch is released to address this Kloxo exploit.


Many hosting providers have already suspended virtual machines that were using Kloxo. There is an SQL injection vulnerability within Kloxo which allows attackers to gain admin access. Many hosting providers have reported that their clients' Kloxo installations were compromised.

Again, if you are using Kloxo on your server, it is highly recommended that you take the necessary steps to protect your server. You can stop Kloxo via SSH using the following command:

/etc/init.d/kloxo stop

Also, you can subscribe to the WebHostingTalk thread here. There is an ongoing discussion on this Kloxo exploit.

This Post Has 5 Comments

  1. Kailash

    There have been no updates in the last 2 years, so it looks like Kloxo is at a dead end. This is a major vulnerability and I really doubt they will be able to release a patch soon.

  2. Kailash

    As per the WebHostingTalk thread, Kloxo MR (another Kloxo fork) also has a few security vulnerabilities; however, they are not published yet.

  3. Kailash

    Kloxo 6.1.13 was released yesterday to address the following security issues:

    – SQL Injection bug
    – Filemanager bug

    I have not tested it, but it was mentioned in their release notes.

  4. Kailash

    Kloxo 6.1.18 Released.. Stay tuned with their updates and bug fixes..

  5. Kailash

    There is a new update available for Kloxo. Kloxo 6.1.19 released on March 23, 2014.
