Softaculous
Softaculous is the leading auto installer, with over 300 applications that can be installed with one click. The software is in use by thousands of web hosting companies and works with various control panels such as cPanel, Plesk, DirectAdmin, InterWorx and H-Sphere.
Vulnerability Description:
It is possible for a malicious user to exploit a privilege escalation vulnerability within the Import function of Softaculous for cPanel which could lead to a root compromise.
Vulnerable Version:
This vulnerability was tested against Softaculous v4.3.6 for cPanel but it may exist in other control panel versions as well.
Fixed Version:
This vulnerability was patched in Softaculous v4.3.8.
If you are using Softaculous, it is highly recommended that you upgrade to the latest version as soon as possible. For ongoing discussion of this vulnerability, please refer to this thread.