Possible SQL exploit in Vcpanel [SOLVED]

jhamon · 2010-08-07 08:07:25

jhamon
Member
Offline

Registered: 2010-06-18
Posts: 24

Topic: Possible SQL exploit in Vcpanel [SOLVED]

Hi,

Please respond urgently to the following

One of my clients has discovery the following exploit that we think would allow someone to reset any vps' root password, if he have a vcPanel account .

John

admin · 2010-08-07 09:11:20

admin
Administrator
Offline

Registered: 2009-07-28
Posts: 335

Re: Possible SQL exploit in Vcpanel [SOLVED]

Hello,

This is fixed and updated the distribution files too. So it is replaced from the downloads of today Aug 7 th 2010 . All other previous installations are requested to do the fix as follows,

----------
This bug is fixed . Please download the updated file from http://download.vcpanel.net/updates/file122.php.zip and extract it , then copy to /usr/local/vcpanel/htdocs/vclient/treeview/

Steps :
# wget -c http://download.vcpanel.net/updates/file122.php.zip
# unzip file122.php.zip
# chown vcpanel.vcpanel file122.php
# cp -f file122.php /usr/local/vcpanel/htdocs/vclient/treeview/

Syslint Technologies | 24x7 Server Management | Outsourced Support | Software Development - (0091) 471-3273-211

Possible SQL exploit in Vcpanel [SOLVED]

Posts: 2

1 Topic by jhamon 2010-08-07 08:07:25

Topic: Possible SQL exploit in Vcpanel [SOLVED]

2 Reply by admin 2010-08-07 09:11:20

Re: Possible SQL exploit in Vcpanel [SOLVED]

Posts: 2