Vulnerabilities > Cpanel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2017-18470 | Credentials Management vulnerability in Cpanel cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | 8.8 |
| 2019-08-05 | CVE-2016-10773 | Use of Externally-Controlled Format String vulnerability in Cpanel cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | 8.8 |
| 2019-08-05 | CVE-2016-10771 | Improper Input Validation vulnerability in Cpanel cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | 8.1 |
| 2019-08-05 | CVE-2017-18462 | 7PK - Security Features vulnerability in Cpanel cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | 7.5 |
| 2019-08-02 | CVE-2017-18463 | Improper Input Validation vulnerability in Cpanel cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | 7.8 |
| 2019-08-02 | CVE-2017-18460 | Improper Input Validation vulnerability in Cpanel cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | 7.8 |
| 2019-08-02 | CVE-2017-18459 | Improper Input Validation vulnerability in Cpanel cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | 7.8 |
| 2019-08-02 | CVE-2017-18435 | Unrestricted Upload of File with Dangerous Type vulnerability in Cpanel cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | 7.3 |
| 2019-08-02 | CVE-2017-18434 | Improper Input Validation vulnerability in Cpanel cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | 7.8 |
| 2019-08-02 | CVE-2017-18433 | Improper Input Validation vulnerability in Cpanel cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | 8.8 |