cPanel Security Advisory: CVE-2009-2275

Updated builds of cPanel 11.24.4 that fix a security issue are available for users of EDGE, CURRENT, RELEASE and STABLE.

Security Rating
This update has been rated as having a trivial security impact by the cPanel Security team.

The Latest Visitors interface (/frontend/x3/stats/lastvisit.html) displays the last few entries from the access_log of a selected domain owned by an account. Due to improper handling of user input, an authenticated user could use a carefully crafted URL to view the contents of world-readable files on the system.

cPanel users should update to 11.24.4 build 36912 or higher, which contains a fix for this issue.
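
The sketch below is an added example, not cPanel's code and not the fix shipped in build 36912, which the advisory does not describe. It shows one way a "last entries of a selected domain's access_log" handler can treat the selected domain as untrusted input. The function names, the `domlogs` directory layout and the sample files are assumptions constructed for the example.

```python
import os
import tempfile
from collections import deque

class LogAccessDenied(Exception):
    """The requested value does not map to a log this account may read."""

def last_visits(log_root, owned_domains, requested, count=3):
    """Return the last `count` access_log lines for a domain the account owns."""
    # 1. Allowlist: the request value must exactly match an owned domain, so
    #    path separators, "..", and absolute paths never reach the filesystem.
    if requested not in owned_domains:
        raise LogAccessDenied("domain not owned by this account")
    # 2. Defence in depth: resolve symlinks and require a regular file that
    #    is still inside the log directory.
    root = os.path.realpath(log_root)
    path = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        raise LogAccessDenied("log path resolves outside the log directory")
    # 3. Keep only the tail, as the interface is meant to show.
    with open(path, "r", errors="replace") as fh:
        return [line.rstrip("\n") for line in deque(fh, maxlen=count)]

def demo():
    """Run legitimate and rejected requests against constructed sample files."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        log_root = os.path.join(tmp, "domlogs")  # hypothetical layout
        os.mkdir(log_root)
        with open(os.path.join(log_root, "example.test"), "w") as fh:
            fh.writelines(f"192.0.2.{i} GET /page{i}\n" for i in range(1, 6))
        outside = os.path.join(tmp, "other.txt")  # readable, but not a log
        with open(outside, "w") as fh:
            fh.write("not a log\n")
        os.symlink(outside, os.path.join(log_root, "linked.test"))
        owned = {"example.test", "linked.test"}
        cases = {"owned": "example.test", "relative": "../other.txt",
                 "absolute": outside, "symlink": "linked.test"}
        for label, value in cases.items():
            try:
                results[label] = last_visits(log_root, owned, value)
            except LogAccessDenied as exc:
                results[label] = f"denied: {exc}"
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```

Only the owned domain returns log lines. The two path-style values fail the allowlist, and the symlinked entry fails the containment check even though its name is on the allowlist.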