cPanel File Manager vulnerability

by Nikola Strahija on February 28th, 2006

A vulnerability was discovered in the File Manager feature of the popular cPanel web hosting system. Presumably, any file hosted on a cPanel server with the File Manager editor can be edited without any authorization.

The problem lies in the WysiwygPro Editor included in the cPanel File Manager. As reported by cPanel staff, a fix for this vulnerability is being tested in the EDGE version of cPanel.

I tried to disable the file manager by doing the following:
WHM > "Packages" > "Feature Manager" > Default list Edit > Untick File Manager > Save (then restarted cPanel: /etc/init.d/cpanel restart)

The File Manager was still accessible (via its known URL) and enabled, although it wasn't shown in the cPanel home.

By running: "chmod 000 /usr/local/cpanel/3rdparty/WysiwygPro" the WysiwygPro editor is disabled.
