Problem
A recently discovered vulnerability in AWStats allows users who can modify the awstats.conf file to execute arbitrary commands.
Impact
The cPanel software is not affected by this vulnerability since AWStats runs as the account’s system user, and not the root user. There are legitimate ways a cPanel user with access to a cPanel account can run arbitrary code on behalf of the account’s system user.
Solution
An update has been released, improving the overall security of the AWStats package. The following cPanel versions include this update:
If your system is updated to one of the above versions or later, then no further actions are required.
Comments
0 comments
Article is closed for comments.