cPanel 11.24.7-BETA_35691 - resellers can create resellers



DESCRIPTION


A reseller could create another reseller account - no "master reseller" software needed. This was done by simply appending the following to the end of the /scripts5/wwwacct string in the browser:

&reseller=1&ownerself=1



IMPACT


Resellers could create other resellers, which could potentially be unaccounted for. I don't remember what the logs looked like when this happened (/usr/local/cpanel/logs/{access_log,error_log} and /var/cpanel/accounting.log).