Search KB

Search our pre-analyzed vulnerability database

Total Results: 426

of 22

Published: April 27, 2023 Updated: May 5, 2023

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v2N/ACVSS v36.1

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

Published: August 11, 2021 Updated: May 3, 2022

Vulnerability Type: Information disclosure

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v22.1CVSS v35.5

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

Published: August 11, 2021 Updated: August 20, 2021

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v25.5CVSS v38.1

In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).

Published: August 11, 2021 Updated: August 20, 2021

Vulnerability Type: Command injection

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v26.8CVSS v38.1

In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).

Published: August 11, 2021 Updated: July 12, 2022

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v25CVSS v37.5

In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).

Published: August 11, 2021 Updated: August 20, 2021

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v22.1CVSS v34.4

In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).

Published: August 11, 2021 Updated: August 20, 2021

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v26.5CVSS v37.2

The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).

Published: August 11, 2021 Updated: August 20, 2021

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v26.5CVSS v37.2

The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).

Published: April 26, 2021 Updated: May 6, 2021

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24.3CVSS v36.1

cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).

Published: January 26, 2021 Updated: August 8, 2023

Vulnerability Type: Authentication flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v25CVSS v37.5

cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).

Published: January 26, 2021 Updated: February 3, 2021

Vulnerability Type: Authentication flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v25CVSS v37.5

cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).

Published: December 24, 2020 Updated: April 22, 2021

Vulnerability Type: Sql injection

Vendor(s): Egavilanmedia

Significant

Remediate Within one Month

CVSS v27.5CVSS v39.8

EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

Published: November 27, 2020 Updated: December 1, 2020

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24.3CVSS v36.1

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).

Published: November 27, 2020 Updated: April 26, 2022

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24CVSS v36.5

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

Published: November 27, 2020 Updated: July 21, 2021

Vulnerability Type: Code injection

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v23.5CVSS v34.1

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

Published: September 25, 2020 Updated: September 25, 2020

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24.3CVSS v36.1

cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).

Published: September 25, 2020 Updated: September 25, 2020

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24.3CVSS v36.1

cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).

Published: September 25, 2020 Updated: September 29, 2020

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24.3CVSS v36.1

cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).

Published: September 25, 2020 Updated: September 29, 2020

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v25CVSS v37.5

The email quota cache in cPanel before 90.0.10 allows overwriting of files.

Published: September 25, 2020 Updated: September 29, 2020

Vulnerability Type: Design/Logic Flaw

Vendor(s): Cpanel

Routine

Remediate Within 6 Months

CVSS v24.3CVSS v36.1

cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).

of 22