Installatron 6.0.7, 6.0.9 - cPanel users could view any file on the box



DESCRIPTION


cPanel users could view any file on the server. Combined with the issue of being able to obtain a listing of any directory, this is especially serious considering the contents of /var/cpanel/sessions/.



IMPACT


A cPanel user could obtain sensitive data; the worst-case scenario is disclosure of the plain-text root password.