Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2018-20892 Unspecified vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
network
low complexity
cpanel
4.0
2019-08-01 CVE-2018-20891 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
local
low complexity
cpanel CWE-20
4.9
2019-08-01 CVE-2018-20890 Improper Access Control vulnerability in Cpanel
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
network
low complexity
cpanel CWE-284
4.0
2019-08-01 CVE-2018-20888 Improper Authentication vulnerability in Cpanel
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
local
low complexity
cpanel CWE-287
4.9
2019-08-01 CVE-2018-20886 Insecure Storage of Sensitive Information vulnerability in Cpanel
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
local
low complexity
cpanel CWE-922
4.6
2019-08-01 CVE-2018-20885 Injection vulnerability in Cpanel
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
network
low complexity
cpanel CWE-74
5.0
2019-08-01 CVE-2018-20883 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
network
low complexity
cpanel CWE-20
4.0
2019-08-01 CVE-2018-20882 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
local
cpanel CWE-20
6.6
2019-08-01 CVE-2018-20879 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
network
low complexity
cpanel CWE-20
6.5
2019-07-30 CVE-2019-14413 Unspecified vulnerability in Cpanel
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476).
network
low complexity
cpanel
4.0