Advisory: cPanel can list all users accounts Published: Mar 17, 2004
  • Rating


A bug in cPanel that allows users to see all other users log files.

What systems are affected
Affected systems seem to be all versions of Cpanel 9x, possibly earlier on Red Hat 9, 7.2 and RHE.
We weren't able to test on other types of systems and will update this as more information becomes available.

What does it do
Users are able to list every users log files on the system, revealing all other domains hosted on the server.
You cannot download other users log files other than your own making the impact minimal.

How to fix the problem
Awaiting a response from Cpanel, no reported fixes yet.
We're currently discussing the article on the Cpanel Forums here.

  • Rating


Related Articles

Comments (0)

No one has commented on this page yet.

Add Your Thoughts is a hosting directory, not a web host.

Copyright © 1998-2024