Vulnerabilities > Cpanel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20890 | Improper Access Control vulnerability in Cpanel cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | 4.3 |
| 2019-08-01 | CVE-2018-20889 | Information Exposure vulnerability in Cpanel cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | 4.4 |
| 2019-08-01 | CVE-2018-20888 | Improper Authentication vulnerability in Cpanel cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | 5.5 |
| 2019-08-01 | CVE-2018-20887 | SQL Injection vulnerability in Cpanel cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | 9.8 |
| 2019-08-01 | CVE-2018-20886 | Insecure Storage of Sensitive Information vulnerability in Cpanel cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | 5.3 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.3 |
| 2019-08-01 | CVE-2018-20884 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 5.4 |
| 2019-08-01 | CVE-2018-20883 | Improper Input Validation vulnerability in Cpanel cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | 6.5 |
| 2019-08-01 | CVE-2018-20882 | Improper Input Validation vulnerability in Cpanel cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | 6.8 |
| 2019-08-01 | CVE-2018-20881 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | 5.4 |