
SolusVM Addon Vulnerability -- Extremely Critical


rdavis


I just got passed a link via a PM to this as I was going to bed.

 

http://localhost.re/p/solusvm-11303-vulnerabilities

 

It's quite serious, but SolusVM has already posted a fix. Read below:

 

=====================================================

 

 

PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSIONS OF SOLUSVM, INCLUDING BETA VERSIONS.

 

A security update has now been released for the Stable and Beta versions of SolusVM. We advise you to make this update as soon as possible.

 

To run the update you can either do it from within the SolusVM admin area or from CLI on the master server. To perform the update from CLI the commands differ depending on the version of SolusVM you are running.

 

==================

 

 

Stable version:

 

 

/scripts/upcp

 

Beta version:

 

/scripts/upcp-beta

 

==================

 

Once the update is complete you will have the patched system.

 

We have included the original instructions in this email that were given when the exploit was announced and before we released the patched updates. If you feel the need to remove the originally exploited file after the update you can do the following:

 

==================

 

Instructions:

 

You will need root SSH access to your master server. You are then required to delete the following file:

 

/usr/local/solusvm/www/centralbackup.php

 

Example:

 

 

rm -f /usr/local/solusvm/www/centralbackup.php

 

==================

 

Due to this exploit we are conducting a full audit of the SolusVM client area code. The audit is already underway and any updates, if needed, will be released in quick succession.

 

A full explanation of this exploit will be released in due course. We will also be reviewing the release status of version 1.14 due to the advanced security features it already contains.

 

Thank you for your continued support and apologies for any inconvenience caused.

 

Regards,

Soluslabs Security Team
