The Removal of cgiemail and cgiecho
Last modified: June 17, 2021
- This document is only valid for cPanel & WHM version 68 and earlier.
- We removed the
/usr/local/cpanel/scripts/clean_cgiemailscript in cPanel & WHM version 98.
Flaws previously discovered in the
cgiecho scripts caused cPanel, L.L.C. to remove support for them in cPanel & WHM. The upstream author of the
cgiemail scripts has not provided maintenance in over a decade. While cPanel, L.L.C. has provided patches for issues and vulnerabilities when we discover them, modern shared hosting environments should not depend on this script.
To remove the
cgiecho scripts from your system, perform the correct steps for your version of cPanel & WHM:
cPanel & WHM version 64 and earlier — Manually remove the
cgiechoscripts from the
cgi-bindirectories. To do this, manually run the
cPanel & WHM version 68 — Remove these scripts via the Feature Showcase interface when you log in to WHM. This feature automatically runs the
The clean cgiemail script
/usr/local/cpanel/scripts/clean_cgiemail script removes the
cpanel-cgiemail RPM from the system. It also removes copies of the
cgiecho scripts from users’
To use this script, run the following command:
/usr/local/cpanel/scripts/clean_cgiemail script accepts the following options:
--rpm— Remove the
--docroot— Remove the
cgiemailscripts from users’ home directories.
--user=username— Remove the
cgiemailscript from only the username user’s home directory.Note:Use this argument with the
--dryrun— Only view a list of files that the script will remove.
--notify— Send a notification to the system administrator when the script runs.
For example, run the following command to remove the
cpanel-cgiemail RPM and remove the
cgiemail script from the username user’s home directory:
/usr/local/cpanel/scripts/clean_cgiemail --rpm --docroot --user=username
This command’s output will resemble the following example: