Several critical vulnerabilities in Kloxo hosting platform
According to an advisory from Milw0rm, the web hosting platform Kloxo (formerly Lxadmin) from lxlabs, billed by them as the most advanced and flexible hosting platform on this planet, contains 24 security vulnerabilities and exploits. Among them are SQL injection vulnerabilities, symlink attack vulnerabilities, vulnerabilities that allow gaining full access to any file on the system, and many more. Kloxo installations also use several different default passwords in their database, which could easily be used by an attacker. According to the Internet Storm Center, some of the vulnerabilities are already being exploited in the wild.
The vulnerabilities are confirmed to affect version 5.75 of Kloxo. The current 6.0 release may also be affected; however, more information is not available at this time. The developers have been advised of these problems.
- Kloxo 5.75 (24 Issues) Multiple Remote Vulnerabilities, security advisory from Milw0rm.