Some serious security vulnerabilities exist in the web hosting platform cPanel & WHM allowing for remote attacks. Some of the bugs actually exist because of an intended feature, hence, remain unfixed.
cPanel & WHM Vulnerabilities
Researchers from the UK-based cybersecurity firm Fortbridge have found numerous security issues in the popular web hosting platform.
In a recent blog post, Adrian Tiron, Cloud AppSec Consultant at Fortbridge, explained that exploiting the vulnerabilities allows remote code execution attacks on cPanel & WHM.
Briefly, the researchers spotted the bugs during a black-box pentest of cPanel/WHM that supports entire server administration.
One of the bugs includes an XML External Entity (XXE) that existed in the reseller account the researchers tested. This issue…
Source link