SpamExperts cPanel Plugin – Arbitrary File Overwrite

SpamExperts cPanel Plugin – Arbitrary File Overwrite

SpamExperts provides managed email security in the cloud or on premises, Incoming email filtering, outgoing email filtering and email archiving. SpamExperts also offers integration with prominent control panels like cPanel, Plesk, DirectAdmin.

WHMCS Complete Billing and Support

Vulnerability Description:

Reecntly there was a vulnerability discovered in their cPanel plugin which allows arbitrary file overwrite. Due to an arbitrary file overwrite vulnerability, it is possible for an attacker to overwrite / create any file on the server and ultimately perform a privilege escalation that could allow them to obtain root access. This flaw is present within the cPanel plugin for SpamExperts.

Impact:

Since it is possible to gain root access, this vulnerability was rated as HIGH.

Vulnerable Version:

This vulnerability is believed to be present in all builds prior to the fixed version.

Fixed Version:

This vulnerability was patched in SpamExperts (cPanel Plugin) 3.0.68547.

Posted in Security.