Web hosting platform cPanel & WHM is vulnerable to authenticated RCE


Adam Bannister

11 August 2021 at 10:58 UTC

Updated: 11 August 2021 at 11:02 UTC

Pen testers and vendor disagree over appropriate mitigations

Security researchers have achieved remote code execution (RCE) on web hosting platform cPanel & WHM after bypassing CSRF protections and escalating privileges via a stored cross-site scripting (XSS) vulnerability.

cPanel & WHM is a suite of Linux tools that enable the automation of web hosting tasks via a graphical user interface (GUI). cPanel is used in the hosting of more than 168,000 websites, according to Datanyze.

During a black-box pen test, RCE was also demonstrated via a “more convoluted” cross-site WebSocket hijacking attack that was…

