Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2020
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
CVSS Score
9.1
EPSS Score
0.01
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
CVSS Score
9.1
EPSS Score
0.01
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score
9.8
EPSS Score
0.022
Published
2020-03-17
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.
CVSS Score
5.3
EPSS Score
0.014
Published
2020-03-17
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-03-17
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.
CVSS Score
7.2
EPSS Score
0.045
Published
2020-03-17
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
CVSS Score
8.8
EPSS Score
0.011
Published
2020-03-17
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
CVSS Score
8.8
EPSS Score
0.013
Published
2020-03-17
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
CVSS Score
6.1
EPSS Score
0.007
Published
2020-03-17
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2020-03-17


Contact Us

Shodan ® - All rights reserved