In association with heise online

11 June 2013, 15:40

zPanel vulnerability permits root access to server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

zPanel logo

A security vulnerability which can be exploited by an attacker to obtain root access to the server has been discovered in zPanel. The security vulnerability lurks in the ZPX HTPASSWD module. The zPanel development team is working on a patch and a hotfix which can be applied manually is circulating on forums.

The module's failure to adequately check user input means that an authenticated attacker can inject arbitrary shell commands into the server. Head developer Bobby Allen has explicitly advised zPanel users to disable the vulnerable module.

The open source, GPLv3-licensed zPanel project last hit the headlines when a support worker's insulting attitude towards a forum user provoked other users to take revenge by hacking the main zPanel server.



  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit