Today softaculous has announced an update to its script installer. This update is crucial as it corrects a bug in the software that allows a reseller to view/delete the contents of the files from the Error Log page in softaculous Reseller panel by providing path of the file.
According to softaculous this vulnerability was patched in version v4.2.3.
Any version 4.2.2 or earlier needs to be updated as soon as possible.
NOTE: All shared and reseller customers have been updated by HostDime
To update your softaculous installation:
- Log into WHM
- Go to “WHM >> Plugins >> Softaculous – Instant Installs >> Updates >> Update Softaculous
Alternately you can run the following in shell:
/usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php
[divider]
Please feel free to contact the HostDime support team with any questions.
Hat Tip to Stephen of BigWetFish for bringing this to our attention.