This high-severity vulnerability was reported by Namecheap and allows attackers with FTP or web shell access to escalate privileges to root on shared hosting servers running CloudLinux/CageFS. This vulnerability affects all user-end plugin versions before 2.4.8 and stems from a 'UNIX symlink following' weakness.

| Vendor | Product | Versions |
|---|---|---|
| litespeedtech | litespeed_cpanel_plugin | 2.3 |

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| litespeedtech | litespeed_whm_plugin | cve_cpe | 95% |

- Updated description with more technical details and confirmed that the vulnerability is actively exploited.
- Added a description indicating the vulnerability is a case of privilege escalation and marked exploit availability as true.
- Updated severity to CRITICAL, marked as actively exploited, and added affected version 2.4.7 and new tag for remote attack.
- Initial creation