cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cpanel | Cpanel | 9.9.1_r3 (including) | 9.9.1_r3 (including) |