Vulnerabilities > Cpanel

DATE CVE VULNERABILITY TITLE RISK
2020-03-17 CVE-2020-10120 Incorrect Authorization vulnerability in Cpanel
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
network
low complexity
cpanel CWE-863
critical
9.0
2020-03-17 CVE-2020-10119 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
network
low complexity
cpanel
7.5
2020-03-17 CVE-2020-10118 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
network
low complexity
cpanel
6.4
2020-03-17 CVE-2020-10117 Incorrect Authorization vulnerability in Cpanel
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
network
low complexity
cpanel CWE-863
6.4
2020-03-17 CVE-2020-10116 Incorrect Authorization vulnerability in Cpanel
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
network
low complexity
cpanel CWE-863
5.0
2020-03-17 CVE-2020-10115 Improper Input Validation vulnerability in Cpanel
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin.
network
low complexity
cpanel CWE-20
critical
9.0
2020-03-17 CVE-2020-10114 Cross-site Scripting vulnerability in Cpanel
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
network
cpanel CWE-79
4.3
2020-03-17 CVE-2020-10113 Cross-site Scripting vulnerability in Cpanel
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
network
cpanel CWE-79
4.3
2020-03-17 CVE-2019-20498 Unspecified vulnerability in Cpanel
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
network
low complexity
cpanel
7.5
2020-03-17 CVE-2019-20497 Cross-site Scripting vulnerability in Cpanel
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
network
cpanel CWE-79
3.5