Karol Wiêsek

**Name of the Vulnerable Software and Affected Versions** cPanel version 9.9.1-RELEASE-3 **Description** The issue allows remote authenticated users to change permissions of arbitrary files via a symlink attack on the private directory. This directory is created when Front Page extensions are enabled. **Recommendations** For cPanel version 9.9.1-RELEASE-3, consider disabling Front Page extensions to prevent the creation of the private directory and restrict access to the affected directory to minimize the risk of exploitation.