Shodan
Vulnerabilities
Vulnerable Software
Cpanel:  >> Cpanel  >> 84.0.22  Security Vulnerabilities
CVE-2020-26114
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-09-25
CVE-2020-26115
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-09-25
CVE-2020-26098
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
CVSS Score
9.8
EPSS Score
0.092
Published
2020-09-25
CVE-2020-26099
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
CVSS Score
7.5
EPSS Score
0.004
Published
2020-09-25
CVE-2020-26100
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
CVSS Score
9.8
EPSS Score
0.01
Published
2020-09-25
CVE-2020-26101
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
CVSS Score
9.8
EPSS Score
0.005
Published
2020-09-25
CVE-2020-26102
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-25
CVE-2008-6926
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
CVSS Score
6.8
EPSS Score
0.076
Published
2009-08-10
CVE-2008-6927
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
CVSS Score
4.3
EPSS Score
0.078
Published
2009-08-10
CVE-2009-2275
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
CVSS Score
5.0
EPSS Score
0.008
Published
2009-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved