Vulnerabilities > Cpanel > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18459 Improper Input Validation vulnerability in Cpanel
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).
local
low complexity
cpanel CWE-20
7.2
7.2
2019-08-02 CVE-2017-18435 Unrestricted Upload of File with Dangerous Type vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
network
low complexity
cpanel CWE-434
7.5
7.5
2019-08-02 CVE-2017-18434 Improper Input Validation vulnerability in Cpanel
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).
local
low complexity
cpanel CWE-20
7.2
7.2
2019-08-02 CVE-2017-18400 Command Injection vulnerability in Cpanel
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
local
low complexity
cpanel CWE-77
7.2
7.2
2019-08-02 CVE-2017-18390 Permission Issues vulnerability in Cpanel
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
local
low complexity
cpanel CWE-275
7.2
7.2
2019-08-02 CVE-2017-18388 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
local
low complexity
cpanel CWE-20
7.2
7.2
2019-08-01 CVE-2018-20945 Improper Authorization vulnerability in Cpanel
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
network
cpanel CWE-285
7.9
7.9
2019-08-01 CVE-2018-20926 Unrestricted Upload of File with Dangerous Type vulnerability in Cpanel
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
local
low complexity
cpanel CWE-434
7.2
7.2
2019-08-01 CVE-2018-20924 Improper Authentication vulnerability in Cpanel
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
network
low complexity
cpanel CWE-287
7.5
7.5
2019-08-01 CVE-2016-10846 Permission Issues vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
network
low complexity
cpanel CWE-275
8.5
8.5