Type: File Inclusion
Vulnerable Version: v6.4
Fixed Version: v6.5
WHMPHP is a control panel developed for creating Master Resellers and Resellers. With the Master Reseller privilege, a reseller can resell reseller accounts, control the reseller quotas , assign private name servers, suspend, unsuspend, as well as terminate resellers.
WHMPHP is vulnerable to a local file inclusion exploit that would allow a malicious reseller to run any PHP code which could ultimately lead to a root compromise.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as HIGH due to the fact that a malicious reseller can execute PHP code as root.
This vulnerability was tested against WHMPHP v6.4 and is believed to exist in all prior versions.
This vulnerability was patched in WHMPHP 6.5.
Vendor Contact Timeline:
2013-09-13: Vendor contacted via email.
2013-09-13: Vendor confirms vulnerability.
2013-09-15: Vendor issues update.
2013-09-18: Rack911 issues security advisory.