Softaculous Vulnerability – Upgrade Installation (cPanel) Privilege Escalation


Softaculous is the leading auto installer script, with over 300 applications that can be installed with one click. The software is used by thousands of web hosting companies and works with various control panels such as cPanel, Plesk, DirectAdmin, InterWorx and H-Sphere.


Vulnerability Description:

It is possible for a malicious reseller to exploit a privilege escalation vulnerability within the Upgrade Installation function of Softaculous (cPanel) that could lead to a root compromise. Since it is possible to gain root access using this Softaculous vulnerability, it was rated as CRITICAL.

Vulnerable Version:

This Softaculous vulnerability was tested against Softaculous v4.3.9 for cPanel but it may exist in other control panel versions as well.

Fixed Version:

This vulnerability was patched in Softaculous v4.4.0.

If you are using Softaculous, it is highly recommended that you upgrade to the latest version as soon as possible. This vulnerability was discovered by Rack911 (a leading server management company).

This was the second security update in the current month released by Softaculous. On January 02, 2014, they released a patch to address another privilege escalation vulnerability.
