David Hertenstein

Rank: #14023 of 53,638
Total CVSS: 19.2
Vulnerabilities: 3 (Medium: 2, High: 1)
PT-2026-38674
5.3
2026-05-08
Cpanel · Whm · CVE-2026-29202
**Name of the Vulnerable Software and Affected Versions**

- cPanel versions prior to 11.136.0.9
- cPanel versions prior to 11.136.1.10 (WP Squared)
- cPanel versions prior to 11.134.0.25
- cPanel versions prior to 11.132.0.31
- cPanel versions prior to 11.130.0.22
- cPanel versions prior to 11.126.0.58
- cPanel versions prior to 11.124.0.37
- cPanel versions prior to 11.118.0.66
- cPanel versions prior to 11.110.0.117
- cPanel versions prior to 11.110.0.116 (cl6110)
- cPanel versions prior to 11.102.0.41
- cPanel versions prior to 11.94.0.30
- cPanel versions prior to 11.86.0.43

**Description**

Insufficient input validation of the `plugin` parameter within the `create user` plugin enables arbitrary Perl code execution. This action is performed on behalf of the system user of the already authenticated account.

**Recommendations**

- Update to version 11.136.0.9 or higher.
- Update to version 11.136.1.10 or higher (WP Squared).
- Update to version 11.134.0.25 or higher.
- Update to version 11.132.0.31 or higher.
- Update to version 11.130.0.22 or higher.
- Update to version 11.126.0.58 or higher.
- Update to version 11.124.0.37 or higher.
- Update to version 11.118.0.66 or higher.
- Update to version 11.110.0.117 or higher.
- Update to version 11.110.0.116 or higher (cl6110).
- Update to version 11.102.0.41 or higher.
- Update to version 11.94.0.30 or higher.
- Update to version 11.86.0.43 or higher.
- Restrict access to WHM management ports 2086 and 2087 to trusted IP addresses.
- Disable the Terminal feature within the WHM UI.

PT-2026-38675
5.3
2026-05-08
Cpanel · Cpanel · CVE-2026-29203
**Name of the Vulnerable Software and Affected Versions**

- cPanel Nova plugin versions prior to 11.136.0.9
- cPanel Nova plugin versions prior to 11.136.1.10 (WP Squared)
- cPanel Nova plugin versions prior to 11.134.0.25
- cPanel Nova plugin versions prior to 11.132.0.31
- cPanel Nova plugin versions prior to 11.130.0.22
- cPanel Nova plugin versions prior to 11.126.0.58
- cPanel Nova plugin versions prior to 11.124.0.37
- cPanel Nova plugin versions prior to 11.118.0.66
- cPanel Nova plugin versions prior to 11.110.0.117
- cPanel Nova plugin versions prior to 11.110.0.116 (cl6110)
- cPanel Nova plugin versions prior to 11.102.0.41
- cPanel Nova plugin versions prior to 11.94.0.30
- cPanel Nova plugin versions prior to 11.86.0.43

**Description**

A chmod call in the `Cpanel::Nova::Connector` function follows symlinks, which allows an authenticated user to set root permissions on arbitrary system files or directories. This occurs when a user places a symlink at a user-controlled legacy Nova path within their home directory, potentially leading to local privilege escalation or a denial-of-service (DoS) condition.

**Recommendations**

- Update to version 11.136.0.9 or higher.
- Update to version 11.136.1.10 or higher (WP Squared).
- Update to version 11.134.0.25 or higher.
- Update to version 11.132.0.31 or higher.
- Update to version 11.130.0.22 or higher.
- Update to version 11.126.0.58 or higher.
- Update to version 11.124.0.37 or higher.
- Update to version 11.118.0.66 or higher.
- Update to version 11.110.0.117 or higher.
- Update to version 11.110.0.116 or higher (cl6110).
- Update to version 11.102.0.41 or higher.
- Update to version 11.94.0.30 or higher.
- Update to version 11.86.0.43 or higher.