Vulnerabilities > CVE-2017-18438 - XXE vulnerability in Cpanel

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cpanel

CWE-611

NVD

Published: 2019-08-02

Updated: 2019-08-09

Summary

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).

Vulnerable Configurations

Part	Description	Count
Application	Cpanel Cpanel Cpanel 55.9999.61 Cpanel Cpanel 55.9999.69 Cpanel Cpanel 55.9999.89 Cpanel Cpanel 55.9999.99 Cpanel Cpanel 55.9999.106 Cpanel Cpanel 55.9999.114 Cpanel Cpanel 55.9999.117 Cpanel Cpanel 55.9999.120 Cpanel Cpanel 55.9999.122 Cpanel Cpanel 55.9999.124 Cpanel Cpanel 55.9999.130 Cpanel Cpanel 55.9999.137 Cpanel Cpanel 55.9999.141 Cpanel Cpanel 55.9999.142 Cpanel Cpanel 55.9999.144 Cpanel Cpanel 55.9999.146 Cpanel Cpanel 55.9999.148 Cpanel Cpanel 55.9999.152 Cpanel Cpanel 55.9999.154 Cpanel Cpanel 55.9999.156 Cpanel Cpanel 55.9999.159 Cpanel Cpanel 55.9999.161 Cpanel Cpanel 55.9999.162 Cpanel Cpanel 55.9999.163 Cpanel Cpanel 55.9999.164 Cpanel Cpanel 55.9999.166 Cpanel Cpanel 55.9999.167 Cpanel Cpanel 55.9999.168 Cpanel Cpanel 55.9999.171 Cpanel Cpanel 55.9999.173 Cpanel Cpanel 55.9999.176 Cpanel Cpanel 55.9999.177 Cpanel Cpanel 55.9999.180 Cpanel Cpanel 55.9999.181 Cpanel Cpanel 55.9999.182 Cpanel Cpanel 55.9999.184 Cpanel Cpanel 55.9999.188 Cpanel Cpanel 55.9999.190 Cpanel Cpanel 55.9999.193 Cpanel Cpanel 56.0.1 Cpanel Cpanel 56.0.3 Cpanel Cpanel 56.0.5 Cpanel Cpanel 56.0.8 Cpanel Cpanel 56.0.9 Cpanel Cpanel 56.0.13 Cpanel Cpanel 56.0.14 Cpanel Cpanel 56.0.15 Cpanel Cpanel 56.0.16 Cpanel Cpanel 56.0.17 Cpanel Cpanel 56.0.18 Cpanel Cpanel 56.0.20 Cpanel Cpanel 56.0.21 Cpanel Cpanel 56.0.22 Cpanel Cpanel 56.0.24 Cpanel Cpanel 56.0.25 Cpanel Cpanel 56.0.27 Cpanel Cpanel 56.0.28 Cpanel Cpanel 56.0.29 Cpanel Cpanel 56.0.32 Cpanel Cpanel 56.0.33 Cpanel Cpanel 56.0.34 Cpanel Cpanel 56.0.35 Cpanel Cpanel 56.0.36 Cpanel Cpanel 56.0.38 Cpanel Cpanel 56.0.39 Cpanel Cpanel 56.0.41 Cpanel Cpanel 56.0.43 Cpanel Cpanel 56.0.45 Cpanel Cpanel 56.0.46 Cpanel Cpanel 56.0.47 Cpanel Cpanel 56.0.48 Cpanel Cpanel 57.9999.48 Cpanel Cpanel 57.9999.54 Cpanel Cpanel 57.9999.56 Cpanel Cpanel 57.9999.62 Cpanel Cpanel 57.9999.76 Cpanel Cpanel 57.9999.95 Cpanel Cpanel 57.9999.101 Cpanel Cpanel 57.9999.105 Cpanel Cpanel 57.9999.108 Cpanel Cpanel 57.9999.113 Cpanel Cpanel 57.9999.116 Cpanel Cpanel 58.0.3 Cpanel Cpanel 58.0.4 Cpanel Cpanel 58.0.5 Cpanel Cpanel 58.0.6 Cpanel Cpanel 58.0.7 Cpanel Cpanel 58.0.8 Cpanel Cpanel 58.0.11 Cpanel Cpanel 58.0.12 Cpanel Cpanel 58.0.13 Cpanel Cpanel 58.0.17 Cpanel Cpanel 58.0.19 Cpanel Cpanel 58.0.20 Cpanel Cpanel 58.0.23 Cpanel Cpanel 58.0.24 Cpanel Cpanel 58.0.25 Cpanel Cpanel 58.0.26 Cpanel Cpanel 58.0.27 Cpanel Cpanel 58.0.28 Cpanel Cpanel 58.0.29 Cpanel Cpanel 58.0.30 Cpanel Cpanel 58.0.31 Cpanel Cpanel 58.0.32 Cpanel Cpanel 58.0.34 Cpanel Cpanel 58.0.36 Cpanel Cpanel 58.0.37 Cpanel Cpanel 58.0.41 Cpanel Cpanel 58.0.43 Cpanel Cpanel 58.0.44 Cpanel Cpanel 58.0.45 Cpanel Cpanel 58.0.46 Cpanel Cpanel 58.0.47 Cpanel Cpanel 58.0.48 Cpanel Cpanel 59.9999.58 Cpanel Cpanel 59.9999.63 Cpanel Cpanel 59.9999.70 Cpanel Cpanel 59.9999.73 Cpanel Cpanel 59.9999.78 Cpanel Cpanel 59.9999.86 Cpanel Cpanel 59.9999.89 Cpanel Cpanel 59.9999.99 Cpanel Cpanel 59.9999.111 Cpanel Cpanel 59.9999.119 Cpanel Cpanel 59.9999.130 Cpanel Cpanel 59.9999.134 Cpanel Cpanel 59.9999.137 Cpanel Cpanel 59.9999.145 Cpanel Cpanel 59.9999.149 Cpanel Cpanel 59.9999.157 Cpanel Cpanel 59.9999.161 Cpanel Cpanel 59.9999.164 Cpanel Cpanel 59.9999.167 Cpanel Cpanel 59.9999.169 Cpanel Cpanel 59.9999.171 Cpanel Cpanel 59.9999.173 Cpanel Cpanel 60.0.3 Cpanel Cpanel 60.0.4 Cpanel Cpanel 60.0.5 Cpanel Cpanel 60.0.6 Cpanel Cpanel 60.0.8 Cpanel Cpanel 60.0.9 Cpanel Cpanel 60.0.10 Cpanel Cpanel 60.0.11 Cpanel Cpanel 60.0.12 Cpanel Cpanel 60.0.13 Cpanel Cpanel 60.0.14 Cpanel Cpanel 60.0.15 Cpanel Cpanel 60.0.17 Cpanel Cpanel 60.0.18 Cpanel Cpanel 60.0.19 Cpanel Cpanel 60.0.22 Cpanel Cpanel 60.0.24 Cpanel Cpanel 60.0.25 Cpanel Cpanel 60.0.26 Cpanel Cpanel 60.0.27 Cpanel Cpanel 60.0.28 Cpanel Cpanel 60.0.31 Cpanel Cpanel 60.0.32 Cpanel Cpanel 60.0.34 Cpanel Cpanel 60.0.35 Cpanel Cpanel 60.0.36 Cpanel Cpanel 60.0.37 Cpanel Cpanel 60.0.38 Cpanel Cpanel 60.0.39 Cpanel Cpanel 60.0.42 Cpanel Cpanel 61.9999.55 Cpanel Cpanel 61.9999.65 Cpanel Cpanel 61.9999.66 Cpanel Cpanel 61.9999.82 Cpanel Cpanel 61.9999.84 Cpanel Cpanel 61.9999.96 Cpanel Cpanel 61.9999.101 Cpanel Cpanel 61.9999.115 Cpanel Cpanel 61.9999.120 Cpanel Cpanel 62.0.1 Cpanel Cpanel 62.0.2 Cpanel Cpanel 62.0.4 Cpanel Cpanel 62.0.5 Cpanel Cpanel 62.0.6 Cpanel Cpanel 62.0.7 Cpanel Cpanel 62.0.8 Cpanel Cpanel 62.0.9 Cpanel Cpanel 62.0.10 Cpanel Cpanel 62.0.11 Cpanel Cpanel 62.0.12 Cpanel Cpanel 62.0.14 Cpanel Cpanel 62.0.15 Cpanel Cpanel 62.0.16 Cpanel Cpanel 62.0.17 Cpanel Cpanel 62.0.19 Cpanel Cpanel 62.0.23 Cpanel Cpanel 63.9999.74 Cpanel Cpanel 63.9999.84 Cpanel Cpanel 63.9999.97 Cpanel Cpanel 63.9999.107 Cpanel Cpanel 63.9999.113 Cpanel Cpanel 63.9999.125 Cpanel Cpanel 63.9999.132 Cpanel Cpanel 63.9999.134 Cpanel Cpanel 64.0.0 Cpanel Cpanel 64.0.1 Cpanel Cpanel 64.0.2 Cpanel Cpanel 64.0.3 Cpanel Cpanel 64.0.4 Cpanel Cpanel 64.0.7 Cpanel Cpanel 64.0.9 Cpanel Cpanel 64.0.11 Cpanel Cpanel 64.0.12 Cpanel Cpanel 64.0.13 Cpanel Cpanel 64.0.14 Cpanel Cpanel 64.0.15 Cpanel Cpanel 64.0.17 Cpanel Cpanel 64.0.18 Cpanel Cpanel 64.0.19 Cpanel Cpanel 64.0.20	216

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References