Vulnerability Details CVE-2018-20938
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.0
References
Products affected by CVE-2018-20938
-
cpe:2.3:a:cpanel:cpanel:67.9999.103
-
cpe:2.3:a:cpanel:cpanel:67.9999.118
-
cpe:2.3:a:cpanel:cpanel:67.9999.124
-
cpe:2.3:a:cpanel:cpanel:67.9999.125
-
cpe:2.3:a:cpanel:cpanel:67.9999.127
-
cpe:2.3:a:cpanel:cpanel:67.9999.128
-
cpe:2.3:a:cpanel:cpanel:67.9999.130
-
cpe:2.3:a:cpanel:cpanel:67.9999.64
-
cpe:2.3:a:cpanel:cpanel:67.9999.76
-
cpe:2.3:a:cpanel:cpanel:67.9999.78
-
cpe:2.3:a:cpanel:cpanel:67.9999.86
-
cpe:2.3:a:cpanel:cpanel:67.9999.96
-
cpe:2.3:a:cpanel:cpanel:67.9999.99
-
cpe:2.3:a:cpanel:cpanel:68.0.1
-
cpe:2.3:a:cpanel:cpanel:68.0.10
-
cpe:2.3:a:cpanel:cpanel:68.0.12
-
cpe:2.3:a:cpanel:cpanel:68.0.13
-
cpe:2.3:a:cpanel:cpanel:68.0.14
-
cpe:2.3:a:cpanel:cpanel:68.0.15
-
cpe:2.3:a:cpanel:cpanel:68.0.16
-
cpe:2.3:a:cpanel:cpanel:68.0.17
-
cpe:2.3:a:cpanel:cpanel:68.0.19
-
cpe:2.3:a:cpanel:cpanel:68.0.2
-
cpe:2.3:a:cpanel:cpanel:68.0.20
-
cpe:2.3:a:cpanel:cpanel:68.0.21
-
cpe:2.3:a:cpanel:cpanel:68.0.23
-
cpe:2.3:a:cpanel:cpanel:68.0.25
-
cpe:2.3:a:cpanel:cpanel:68.0.26
-
cpe:2.3:a:cpanel:cpanel:68.0.3
-
cpe:2.3:a:cpanel:cpanel:68.0.4
-
cpe:2.3:a:cpanel:cpanel:68.0.6
-
cpe:2.3:a:cpanel:cpanel:68.0.7
-
cpe:2.3:a:cpanel:cpanel:68.0.8
-
cpe:2.3:a:cpanel:cpanel:68.0.9