Shodan
Vulnerabilities
Vulnerable Software
Cpanel:  >> Cpanel  >> 91.9999.81  Security Vulnerabilities
CVE-2021-38584
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
CVSS Score
7.2
EPSS Score
0.004
Published
2021-08-11
CVE-2021-38585
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
CVSS Score
7.2
EPSS Score
0.013
Published
2021-08-11
CVE-2021-38587
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-11
CVE-2021-38588
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
CVSS Score
8.1
EPSS Score
0.002
Published
2021-08-11
CVE-2021-31803
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-26
CVE-2021-26266
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
CVSS Score
7.5
EPSS Score
0.002
Published
2021-01-26
CVE-2021-26267
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
CVSS Score
7.5
EPSS Score
0.002
Published
2021-01-26
CVE-2008-6926
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
CVSS Score
6.8
EPSS Score
0.076
Published
2009-08-10
CVE-2008-6927
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
CVSS Score
4.3
EPSS Score
0.078
Published
2009-08-10
CVE-2009-2275
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
CVSS Score
5.0
EPSS Score
0.008
Published
2009-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved