Softaculous – Import (cPanel) Privilege Escalation Vulnerability

Softaculous

It is the leading auto installer, with over 300 applications that can be installed with one click. The software is used by thousands of web hosting companies and works with various control panels such as cPanel, Plesk, DirectAdmin, InterWorx and H-Sphere.

Vulnerability Description:

It is possible for a malicious user to exploit a privilege escalation vulnerability within the Import function of Softaculous for cPanel which could lead to a root compromise.

Vulnerable Version:

This vulnerability was tested against Softaculous v4.3.6 for cPanel, but it may exist in other control panel versions as well.

Fixed Version:

This vulnerability was patched in Softaculous v4.3.8.

If you are using Softaculous, it is highly recommended that you upgrade to the latest version as soon as possible. For ongoing discussion of this vulnerability, please refer to this thread.
