Type: Privilege Escalation
Product: Soholaunch (WHM Plugin)
Vulnerable Version: v25
Fixed Version: v27
Soholaunch Pro is not just an easy-to-use drag & drop site builder, but much more: it features a similarly easy-to-manage shopping cart system and allows you to create forms, newsletters, calendars, albums, blogs and more without the need to know any HTML code or scripting. All you need is your browser and your ideas.
The WHM plugin for Soholaunch Pro is vulnerable to a privilege escalation flaw during the update process that would allow an attacker to take control of any file on the server, ultimately leading to a root compromise.
We rate this vulnerability as CRITICAL because root access can be obtained.
This vulnerability was tested against Soholaunch (WHM Plugin) v25 and is believed to exist in all prior versions.
This vulnerability was patched in Soholaunch (WHM Plugin) v27.
Vendor Contact Timeline:
2013-09-28: Vendor contacted via email.
2013-11-19: Vendor confirms vulnerability.
2013-11-20: Vendor issues update.
2013-11-20: Rack911 issues security advisory.