Page tree
Skip to end of metadata
Go to start of metadata

Overview

Recently-discovered flaws in the cgiemail and cgiecho scripts have caused cPanel, Inc. to remove support for them in cPanel & WHM. The upstream author of the cgiemail scripts has not provided maintenance in over a decade. While cPanel, Inc. has provided patches for issues and vulnerabilities when we discover them, modern shared hosting environments should not depend on this script.

To remove the cgiemail and cgiecho scripts from your system, perform the correct steps for your version of cPanel & WHM:

  • cPanel & WHM version 64 and earlier — Manually remove the cgiemail and cgiecho scripts from the cgi-sys directory and cgi-bin directories. To do this, manually run the /usr/local/cpanel/scripts/clean_cgiemail script.
  • cPanel & WHM version 68 — Remove these scripts via the Feature Showcase interface when you log in to WHM. This feature automatically runs the /usr/local/cpanel/scripts/clean_cgiemail script.

The clean_cgiemail script

The /usr/local/cpanel/scripts/clean_cgimail script removes the cpanel-cgiemail RPM from the system. It also removes copies of the cgiemail and cgiecho scripts from users' cgi-bin directories.

To use this script, run the following command:

/usr/local/cpanel/scripts/clean_cgimail [arguments]

Arguments

The /usr/local/cpanel/scripts/clean_cgimail script accepts the following arguments:

ArgumentPurpose
--rpmRemove the cgiemail RPM.
--docrootRemove the cgiemail scripts from users' home directories.
--user=username

Remove the cgiemail script from only the username user's home directory.

Note:

Use this argument with the --docroot argument.

--dryrunOnly view a list of files that the script will remove.
--notifySend a notification to the system administrator when the script runs.

Example

For example, run the following command to remove the cpanel-cgiemail RPM and remove the cgiemail script from the username user's home directory:

/usr/local/cpanel/scripts/clean_cgiemail --rpm --docroot --user=username

This command's output will resemble the following example:

info [clean_cgiemail] Removing RPM: cpanel-cgiemail-1.6-5.cp1136.x86_64 ...
info [clean_cgiemail] Success.
info [clean_cgiemail] Removing file: /home/foobar/public_html/cgi-bin/cgiemail ...
info [clean_cgiemail] Success.
info [clean_cgiemail] Found 1 scripts in user docroots.

Additional documentation

There is no content with the specified labels

There is no content with the specified labels