cPanel – Content Manipulation (R911-0041)

Type: Content Manipulation
Location: Local
Impact: High
Product: cPanel
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version:,,,
CVE: -
R911: 0041
Date: 2013-07-18

Product Description:

cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve, the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.

Vulnerability Description:

There is a flaw within WHM that allows an attacker to add, delete and/or modify any DNS zone on the server. The end result is that an attacker would be able to hijack a domain hosted on the same server or the DNS cluster if used.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.


We have deemed this vulnerability to be rated as HIGH due to the fact that any DNS zone can be modified.

Vulnerable Version:

This vulnerability was tested against cPanel and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

This vulnerability was patched in cPanel,,,

Vendor Contact Timeline:

2013-06-27: Vendor contacted via email.
2013-06-27: Vendor confirms vulnerability.
2013-07-15: Vendor issues updates to all builds.
2013-07-18: Rack911 issues security advisory.