Installatron 6.0.7, 6.0.9 - cPanel users could obtain a directory listing of any dir



DESCRIPTION


cPanel users could obtain a directory listing of any directory on the box.



IMPACT


Local users could obtain the names of cPanel session files from /var/cpanel/sessions/. Combined with another attack of being able to view any file on the box, this could lead to the disclosure of the plain text root password.