cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
Software | From | Fixed in |
---|---|---|
cpanel / cpanel | 9.9.1_r3 | 9.9.1_r3.x |