Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation


Adam Bannister

11 August 2021 at 10:58 UTC

Updated: 11 August 2021 at 14:32 UTC

Pen testers and vendor disagree over appropriate mitigations

Security researchers have achieved remote code execution (RCE) and privilege escalation on web hosting platform cPanel & WHM via a stored cross-site scripting (XSS) vulnerability.

cPanel & WHM is a suite of Linux tools that enable the automation of web hosting tasks via a graphical user interface (GUI). cPanel is used in the hosting of more than 168,000 websites, according to Datanyze.

During a black-box pen test, RCE was also demonstrated via a “more convoluted” CSRF bypass chained with a cross-site WebSocket hijacking attack that was possible…


Source link

About hosting

Check Also

Marcia Clark, "Informants: Lawyer X" Leads Wondery Exhibit C Lineup – Bleeding Cool

Posted in: Audio Dramas, TV | Tagged: marcia clark, wondery Wondery announced new shows for …

Leave a Reply

Your email address will not be published. Required fields are marked *