CVE-2026-29202

cPanel · Nova Plugin

Insufficient input validation in the cPanel Nova plugin's `create_user` function allows for arbitrary Perl code execution.

Executive summary

A critical vulnerability in the cPanel Nova plugin allows authenticated users to execute arbitrary Perl code, leading to potential full system compromise.

Vulnerability

The vulnerability stems from insufficient input validation of the `plugin` parameter within the `create_user` function. This flaw allows an authenticated account holder to execute arbitrary Perl code with the privileges of the system user running the plugin.

Business impact

With a CVSS score of 8.8, this vulnerability poses a severe threat to hosting environments. Successful exploitation allows for privilege escalation and arbitrary code execution, enabling an attacker to gain full control over the server and access all hosted data.

Remediation

Immediate Action: Update the cPanel Nova plugin to the latest vendor-provided version that includes the input validation patch.

Proactive Monitoring: Inspect system logs for unexpected execution of Perl scripts or anomalous processes initiated by the cPanel user.

Compensating Controls: Temporarily disable the `create_user` functionality within the Nova plugin if a patch cannot be immediately deployed.
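
One way to carry out the Proactive Monitoring check above, shown as an added example that is not part of the advisory or any vendor tooling. It assumes auditd is recording `execve` events; the UID threshold, the expected script directories, the function names and the sample records are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumptions for this example, not taken from the advisory: hosting accounts
# have UIDs >= 1000 and legitimate Perl scripts live under these directories.
ACCOUNT_UID_MIN = 1000
EXPECTED_SCRIPT_DIRS = ("/usr/local/cpanel/", "/home/")
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERL_EXE = re.compile(r"/perl[\d.]*$")

# Constructed auditd-style records (execve events), not from a real host.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1767225600.101:501): syscall=59 ppid=2210 pid=2305 uid=1004 exe="/usr/bin/perl"
type=EXECVE msg=audit(1767225600.101:501): argc=2 a0="perl" a1="/home/alice/public_html/cgi-bin/form.pl"
type=SYSCALL msg=audit(1767225611.440:502): syscall=59 ppid=2210 pid=2311 uid=1004 exe="/usr/bin/perl"
type=EXECVE msg=audit(1767225611.440:502): argc=3 a0="perl" a1="-e" a2="exit"
type=SYSCALL msg=audit(1767225620.007:503): syscall=59 ppid=1 pid=2320 uid=0 exe="/usr/bin/perl"
type=EXECVE msg=audit(1767225620.007:503): argc=3 a0="perl" a1="-e" a2="exit"
type=SYSCALL msg=audit(1767225633.912:504): syscall=59 ppid=2290 pid=2333 uid=1007 exe="/usr/bin/perl"
type=EXECVE msg=audit(1767225633.912:504): argc=2 a0="perl" a1="/dev/shm/job.pl"
"""

def parse_events(log_text):
    """Group records by audit event id: {event_id: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if m:
            rec = {k: v.strip('"') for k, v in PAIR.findall(line)}
            events[m.group(1)][rec.get("type")] = rec
    return events

def suspicious_perl(log_text):
    """Return (event_id, uid, ppid, reason) for Perl runs worth a closer look."""
    findings = []
    for event_id, recs in parse_events(log_text).items():
        sc, ex = recs.get("SYSCALL", {}), recs.get("EXECVE", {})
        perl = PERL_EXE.search(sc.get("exe", ""))
        if not perl or int(sc.get("uid", 0)) < ACCOUNT_UID_MIN:
            continue  # not Perl, or a system user outside this check's scope
        args = [ex[f"a{i}"] for i in range(1, int(ex.get("argc", 1))) if f"a{i}" in ex]
        script = next((a for a in args if not a.startswith("-")), "")
        inline = "-e" in args or "-E" in args
        if not inline and script.startswith(EXPECTED_SCRIPT_DIRS):
            continue  # a script file in a directory the baseline allows
        reason = "inline code" if inline else "no script under expected directories"
        findings.append((event_id, sc["uid"], sc.get("ppid"), reason))
    return findings
```

The `ppid` in each finding lets a responder trace the flagged Perl process back to the service that spawned it.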

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this remote code execution flaw requires immediate patching. Administrators should audit their cPanel environments for the presence of the Nova plugin and ensure all updates are applied to mitigate the risk of server-wide compromise.