OSVDB ID: 94902

Title: RVSiteBuilder Plugin for cPanel Unspecified Hardlink Arbitrary File Access

Info

Disclosure

Jun 24, 2013

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 17, 2013

Description

RVSiteBuilder Plugin for cPanel contains an unspecified flaw that is triggered when performing a hardlink against an unspecified file. This may allow a remote attacker to gain access to arbitrary files.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Authentication Required

Solution

It has been reported that this issue has been fixed. Upgrade to version 5.0.33, or higher, to address this vulnerability.

Products

RV Global Soft Co.,Ltd.

RVSiteBuilder Plugin for cPanel

5.0.31

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/94902