Overview
Recently-discovered flaws in the cgiemail
and cgiecho
scripts have caused cPanel, Inc. to remove support for them in cPanel & WHM. The upstream author of the cgiemail
scripts has not provided maintenance in over a decade. While cPanel, Inc. has provided patches for issues and vulnerabilities when we discover them, modern shared hosting environments should not depend on this script.
To remove the cgiemail
and cgiecho
scripts from your system, perform the correct steps for your version of cPanel & WHM:
- cPanel & WHM version 64 and earlier — Manually remove the
cgiemail
andcgiecho
scripts from thecgi-sys
directory andcgi-bin
directories. To do this, manually run the/usr/local/cpanel/scripts/clean_cgiemail
script. - cPanel & WHM version 68 — Remove these scripts via the Feature Showcase interface when you log in to WHM. This feature automatically runs the
/usr/local/cpanel/scripts/clean_cgiemail
script.
The clean_cgiemail
script
The /usr/local/cpanel/scripts/clean_cgimail
script removes the cpanel-cgiemail
RPM from the system. It also removes copies of the cgiemail
and cgiecho
scripts from users' cgi-bin
directories.
To use this script, run the following command:
/usr/local/cpanel/scripts/clean_cgimail [arguments]
Arguments
The /usr/local/cpanel/scripts/clean_cgimail
script accepts the following arguments:
Argument | Purpose |
---|---|
--rpm | Remove the cgiemail RPM. |
--docroot | Remove the cgiemail scripts from users' home directories. |
--user=username | Remove the Note: Use this argument with the |
--dryrun | Only view a list of files that the script will remove. |
--notify | Send a notification to the system administrator when the script runs. |
Example
For example, run the following command to remove the cpanel-cgiemail
RPM and remove the cgiemail
script from the username
user's home directory:
/usr/local/cpanel/scripts/clean_cgiemail --rpm --docroot --user=username
This command's output will resemble the following example:
info [clean_cgiemail] Removing RPM: cpanel-cgiemail-1.6-5.cp1136.x86_64 ... info [clean_cgiemail] Success. info [clean_cgiemail] Removing file: /home/foobar/public_html/cgi-bin/cgiemail ... info [clean_cgiemail] Success. info [clean_cgiemail] Found 1 scripts in user docroots.
Additional documentation
There is no content with the specified labels