Vulnerabilities > Cpanel > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2021-26267 Unspecified vulnerability in Cpanel
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26108 Unspecified vulnerability in Cpanel
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26100 Unspecified vulnerability in Cpanel
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26098 Unspecified vulnerability in Cpanel
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
network
low complexity
cpanel
7.5
2020-03-17 CVE-2020-10121 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).
network
low complexity
cpanel
7.5
2020-03-17 CVE-2020-10119 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
network
low complexity
cpanel
7.5
2020-03-17 CVE-2019-20498 Unspecified vulnerability in Cpanel
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
network
low complexity
cpanel
7.5
2019-08-07 CVE-2016-10804 Improper Input Validation vulnerability in Cpanel
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
network
low complexity
cpanel CWE-20
8.7
2019-08-02 CVE-2017-18463 Improper Input Validation vulnerability in Cpanel
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
local
low complexity
cpanel CWE-20
7.2
2019-08-02 CVE-2017-18460 Improper Input Validation vulnerability in Cpanel
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
local
low complexity
cpanel CWE-20
7.2