Soholaunch (WHM Plugin) – Local Privilege Escalation (R911-0090)

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: Soholaunch (WHM Plugin)
Vulnerable Version: v25
Fixed Version: v27
R911: 0090
Date: 2013-11-20
By: Rack911

Product Description:

Soholaunch Pro is not just an easy to use drag & drop site builder, but much more: it features a similarly easy to manage shopping cart system and allows you to create forms, newsletters, calendars, albums, blogs and more without the need to know any HTML code or scripting. All you need is your browser and your ideas.

Vulnerability Description:

The WHM plugin for Soholaunch Pro is vulnerable to a privilege escalation flaw in its update process that would allow an attacker to take control of any file on the server, ultimately leading to a root compromise.

We rate this vulnerability as CRITICAL because root access can be obtained.

Vulnerable Version:

This vulnerability was tested against Soholaunch (WHM Plugin) v25 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in Soholaunch (WHM Plugin) v27.

Vendor Contact Timeline:

2013-09-28: Vendor contacted via email.
2013-11-19: Vendor confirms vulnerability.
2013-11-20: Vendor issues update.
2013-11-20: Rack911 issues security advisory.