cPanel – Getpkginfo (Root) Arbitrary File Access (R911-0109)

Type: Arbitrary File Access
Location: Remote
Impact: High
Product: cPanel
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version:,, &
CVE: -
R911: 0109
Date: 2013-12-24
By: Rack911

Product Description:

cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve, the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the
cPanel software, often used by resellers and system administrators.

Vulnerability Description:

It is possible for a reseller to exploit a vulnerability in getpkginfo to open any file on the server, regardless of ownership which could ultimately lead to a root compromise. There is also a directory traversal present.


We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained.

Vulnerable Version:

This vulnerability was tested against cPanel 11.40.0 #19 and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

This vulnerability was patched in cPanel,, &

Vendor Contact Timeline:

2013-12-19: Vendor contacted via email.
2013-12-20: Vendor confirms vulnerability but claims they found it. We “politely” disagree.
2013-12-21: Vendor issues updates to all builds.
2013-12-24: Rack911 issues security advisory.