Cpanel: >> Cpanel >> 11.52.6.4 Security Vulnerabilities
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-25
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
CVSS Score
7.2
EPSS Score
0.054
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score
9.8
EPSS Score
0.028
Published
2020-03-17
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-09
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
CVSS Score
8.8
EPSS Score
0.006
Published
2019-08-06
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
CVSS Score
8.8
EPSS Score
0.01
Published
2019-08-06
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
CVSS Score
6.5
EPSS Score
0.003
Published
2019-08-06
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-06
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02