A serious vulnerability (identifier CVE-2023-29489) exists in the cPanel website management software, posing a serious threat to millions of websites around the world.
According to Bkav experts, CVE-2023-29489 is a typical web vulnerability that allows hackers to steal user data such as information and sessions, execute commands, and remotely control the web host.
The vulnerability affects cPanel management ports 2080, 2082, 2083, and 2086 and applications running on default web service ports 80 and 443. That means millions of websites managed by cPanel are at risk of attack, especially now that the exploit code (PoC) has been published.
Mr. Nguyen Van Cuong, Cybersecurity Director of Bkav, said: “cPanel is a website hosting management software, with more than 1.4 million installations connected to the internet. A cPanel manages from one to many websites, so the scope of influence will be very wide.”