cPanel Remote Privilege Escalation vulnerability
Medium Nessus Network Monitor Plugin ID 4509
Synopsis
The remote host is vulnerable to a remote 'privilege escalation' flaw.
Description
The remote host is running cPanel, a web-hosting control panel. The remote version of this software is vulnerable to a flaw that lets users gain administrative access. The flaw stems from the way this version of cPanel allows new user accounts to access the root directory. To exploit it, an attacker would need to be able to authenticate and to create a new user. Successful exploitation would give the attacker administrative access.
Solution
Upgrade to a version greater than 11.18.4.