SpamExperts cPanel Plugin – Arbitrary File Overwrite
SpamExperts provides managed email security in the cloud or on premises, Incoming email filtering, outgoing email filtering and email archiving. SpamExperts also offers integration with prominent control panels like cPanel, Plesk, DirectAdmin.
Reecntly there was a vulnerability discovered in their cPanel plugin which allows arbitrary file overwrite. Due to an arbitrary file overwrite vulnerability, it is possible for an attacker to overwrite / create any file on the server and ultimately perform a privilege escalation that could allow them to obtain root access. This flaw is present within the cPanel plugin for SpamExperts.
Since it is possible to gain root access, this vulnerability was rated as HIGH.
This vulnerability is believed to be present in all builds prior to the fixed version.
This vulnerability was patched in SpamExperts (cPanel Plugin) 3.0.68547.