Intrusion Prevention

cPanel.FILEOP.Parameter.Multiple.XSS

Description

This indicates an attack attempt against a Cross Site Scripting vulnerability in cPanel.
The vulnerability is caused by an error when the vulnerable software handles a malicious "fileop" parameter. It allows a remote attacker to execute arbitrary scripts via sending a crafted web request.

Affected Products

cPanel cPanel 11.24.7
cPanel cPanel 11.24.4
cPanel cPanel 11.21 -BETA
cPanel cPanel 11.18.4
cPanel cPanel 11.18.3
cPanel cPanel 11.4.19
cPanel cPanel 11.0
cPanel cPanel 11.18.3-R21703
cPanel cPanel 11 beta
cPanel cPanel 11

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to the latest version, available from the website:
http://www.cpanel.net/index.html

CVE References

CVE-2009-4823