A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication.
The security issue has been addressed in an emergency update that requires running a command manually to retrieve a patched version of the software.
Owned by WebPros International, WHM and cPanel are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides administrator access to the website backend, webmail, and databases.
Both products are among the most widely deployed hosting control panels, popular with many hosting providers for their standardized interfaces, ease of use for non-technical users, and deep integration with common hosting stacks.
No technical details have been publicly disclosed, but the severity of the issue appears significant, as Namecheap temporarily blocked access to ports 2083 and 2087 used for WHM and cPanel to protect customers until patches were available.
"We regret to inform you that a critical security vulnerability has been identified in cPanel software affecting all currently supported versions," Namecheap said.
The hosting provider stated that the vulnerability, which has not received an official identifier, "relates to an authentication login exploit that could allow unauthorized access to the control panel."
A few hours after Namecheap's notification, cPanel published a security bulletin stating that the security issue had been addressed in the following product versions:
11.110.0.97
11.118.0.63