SpamExperts cPanel Plugin – Arbitrary File Overwrite
SpamExperts provides managed email security in the cloud or on premises: incoming email filtering, outgoing email filtering and email archiving. SpamExperts also offers integration with prominent control panels such as cPanel, Plesk and DirectAdmin.
Vulnerability Description:
Recently, an arbitrary file overwrite vulnerability was discovered in the SpamExperts cPanel plugin. It allows an attacker to overwrite or create any file on the server and ultimately perform a privilege escalation that could allow them to obtain root access.
Impact:
Since it is possible to gain root access, this vulnerability was rated as HIGH.
Vulnerable Version:
This vulnerability is believed to be present in all builds prior to the fixed version.
Fixed Version:
This vulnerability was patched in SpamExperts (cPanel Plugin) 3.0.68547.