Search
Find a vulnerability
Search criteria
835 vulnerabilities found for cpanel by cpanel
CVE-2026-41940 (GCVE-0-2026-41940)
Vulnerability from nvd – Published: 2026-04-29 15:10 – Updated: 2026-05-06 15:48Title
WebPros cPanel and WHM Authentication Bypass via Login Flow
Summary
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://support.cpanel.net/hc/en-us/articles/4007… | vendor-advisorypatch |
| https://docs.cpanel.net/release-notes/release-notes | release-notes |
| https://docs.wpsquared.com/changelogs/versions/ch… | release-notes |
| https://www.namecheap.com/status-updates/ongoing-… | third-party-advisory |
| https://www.vulncheck.com/advisories/cpanel-and-w… | third-party-advisory |
| https://github.com/watchtowrlabs/watchTowr-vs-cPa… | exploit |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| https://www.bleepingcomputer.com/news/security/cr… | |
| https://labs.watchtowr.com/the-internet-is-fallin… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| WebPros | cPanel |
Affected:
11.40.0.0 , < 11.86.0.41
(custom)
Affected: 11.88.0.0 , < 11.94.0.28 (custom) Affected: 11.96.0.0 , < 11.102.0.39 (custom) Affected: 11.104.0.0 , < 11.110.0.97 (custom) Affected: 11.112.0.0 , < 11.118.0.63 (custom) Affected: 11.120.0.0 , < 11.124.0.35 (custom) Affected: 11.126.0.0 , < 11.126.0.54 (custom) Affected: 11.128.0.0 , < 11.130.0.19 (custom) Affected: 11.132.0.0 , < 11.132.0.29 (custom) Affected: 11.134.0.0 , < 11.134.0.20 (custom) Affected: 11.136.0.0 , < 11.136.0.5 (custom) |
|
| WebPros | WP Squared |
Unaffected:
11.136.1.7
(custom)
|
|
| WebPros | WHM |
Affected:
11.40.0.0 , < 11.86.0.41
(custom)
Affected: 11.88.0.0 , < 11.94.0.28 (custom) Affected: 11.96.0.0 , < 11.102.0.39 (custom) Affected: 11.104.0.0 , < 11.110.0.97 (custom) Affected: 11.112.0.0 , < 11.118.0.63 (custom) Affected: 11.120.0.0 , < 11.124.0.35 (custom) Affected: 11.126.0.0 , < 11.126.0.54 (custom) Affected: 11.128.0.0 , < 11.130.0.19 (custom) Affected: 11.132.0.0 , < 11.132.0.29 (custom) Affected: 11.134.0.0 , < 11.134.0.20 (custom) Affected: 11.136.0.0 , < 11.136.0.5 (custom) |
Date Public
2026-04-28 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41940",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T03:55:47.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "CVE-2026-41940 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-04T16:13:16.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/"
},
{
"url": "https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "cPanel",
"vendor": "WebPros",
"versions": [
{
"lessThan": "11.86.0.41",
"status": "affected",
"version": "11.40.0.0",
"versionType": "custom"
},
{
"lessThan": "11.94.0.28",
"status": "affected",
"version": "11.88.0.0",
"versionType": "custom"
},
{
"lessThan": "11.102.0.39",
"status": "affected",
"version": "11.96.0.0",
"versionType": "custom"
},
{
"lessThan": "11.110.0.97",
"status": "affected",
"version": "11.104.0.0",
"versionType": "custom"
},
{
"lessThan": "11.118.0.63",
"status": "affected",
"version": "11.112.0.0",
"versionType": "custom"
},
{
"lessThan": "11.124.0.35",
"status": "affected",
"version": "11.120.0.0",
"versionType": "custom"
},
{
"lessThan": "11.126.0.54",
"status": "affected",
"version": "11.126.0.0",
"versionType": "custom"
},
{
"lessThan": "11.130.0.19",
"status": "affected",
"version": "11.128.0.0",
"versionType": "custom"
},
{
"lessThan": "11.132.0.29",
"status": "affected",
"version": "11.132.0.0",
"versionType": "custom"
},
{
"lessThan": "11.134.0.20",
"status": "affected",
"version": "11.134.0.0",
"versionType": "custom"
},
{
"lessThan": "11.136.0.5",
"status": "affected",
"version": "11.136.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "WP Squared",
"vendor": "WebPros",
"versions": [
{
"status": "unaffected",
"version": "11.136.1.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "WHM",
"vendor": "WebPros",
"versions": [
{
"lessThan": "11.86.0.41",
"status": "affected",
"version": "11.40.0.0",
"versionType": "custom"
},
{
"lessThan": "11.94.0.28",
"status": "affected",
"version": "11.88.0.0",
"versionType": "custom"
},
{
"lessThan": "11.102.0.39",
"status": "affected",
"version": "11.96.0.0",
"versionType": "custom"
},
{
"lessThan": "11.110.0.97",
"status": "affected",
"version": "11.104.0.0",
"versionType": "custom"
},
{
"lessThan": "11.118.0.63",
"status": "affected",
"version": "11.112.0.0",
"versionType": "custom"
},
{
"lessThan": "11.124.0.35",
"status": "affected",
"version": "11.120.0.0",
"versionType": "custom"
},
{
"lessThan": "11.126.0.54",
"status": "affected",
"version": "11.126.0.0",
"versionType": "custom"
},
{
"lessThan": "11.130.0.19",
"status": "affected",
"version": "11.128.0.0",
"versionType": "custom"
},
{
"lessThan": "11.132.0.29",
"status": "affected",
"version": "11.132.0.0",
"versionType": "custom"
},
{
"lessThan": "11.134.0.20",
"status": "affected",
"version": "11.134.0.0",
"versionType": "custom"
},
{
"lessThan": "11.136.0.5",
"status": "affected",
"version": "11.136.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.86.0.41",
"versionStartIncluding": "11.40.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.94.0.28",
"versionStartIncluding": "11.88.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.102.0.39",
"versionStartIncluding": "11.96.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.110.0.97",
"versionStartIncluding": "11.104.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.118.0.63",
"versionStartIncluding": "11.112.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.124.0.35",
"versionStartIncluding": "11.120.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.126.0.54",
"versionStartIncluding": "11.126.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.19",
"versionStartIncluding": "11.128.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.132.0.29",
"versionStartIncluding": "11.132.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.134.0.20",
"versionStartIncluding": "11.134.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.136.0.5",
"versionStartIncluding": "11.136.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.86.0.41",
"versionStartIncluding": "11.40.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.94.0.28",
"versionStartIncluding": "11.88.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.102.0.39",
"versionStartIncluding": "11.96.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.110.0.97",
"versionStartIncluding": "11.104.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.118.0.63",
"versionStartIncluding": "11.112.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.124.0.35",
"versionStartIncluding": "11.120.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.126.0.54",
"versionStartIncluding": "11.126.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.19",
"versionStartIncluding": "11.128.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.132.0.29",
"versionStartIncluding": "11.132.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.18",
"versionStartIncluding": "11.134.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:*:*:*",
"versionEndExcluding": "136.1.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T15:48:18.270Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.cpanel.net/release-notes/release-notes"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.wpsquared.com/changelogs/versions/changelog/#13617"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WebPros cPanel and WHM Authentication Bypass via Login Flow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-41940",
"datePublished": "2026-04-29T15:10:37.899Z",
"dateReserved": "2026-04-22T18:50:43.621Z",
"dateUpdated": "2026-05-06T15:48:18.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66429 (GCVE-0-2025-66429)
Vulnerability from nvd – Published: 2025-12-11 00:00 – Updated: 2025-12-12 21:02
VLAI
Summary
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T21:00:50.056378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:02:05.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:29:15.564Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.cpanel.net/release-notes/release-notes/"
},
{
"url": "https://docs.cpanel.net/changelogs/126-change-log/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66429",
"datePublished": "2025-12-11T00:00:00.000Z",
"dateReserved": "2025-11-30T00:00:00.000Z",
"dateUpdated": "2025-12-12T21:02:05.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29489 (GCVE-0-2023-29489)
Vulnerability from nvd – Published: 2023-04-27 00:00 – Updated: 2024-08-02 14:07
VLAI
Summary
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpanel",
"vendor": "cpanel",
"versions": [
{
"lessThan": "11.109.9999.116",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cpanel:cpanel:11.109.9999.116:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpanel",
"vendor": "cpanel",
"versions": [
{
"status": "unaffected",
"version": "11.109.9999.116"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29489",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T03:55:38.487098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T13:00:06.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:L/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/"
},
{
"url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29489",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T14:07:46.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38590 (GCVE-0-2021-38590)
Vulnerability from nvd – Published: 2021-08-11 22:54 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:54:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38590",
"datePublished": "2021-08-11T22:54:59.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38589 (GCVE-0-2021-38589)
Vulnerability from nvd – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38589",
"datePublished": "2021-08-11T22:55:12.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38588 (GCVE-0-2021-38588)
Vulnerability from nvd – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38588",
"datePublished": "2021-08-11T22:55:25.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38587 (GCVE-0-2021-38587)
Vulnerability from nvd – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38587",
"datePublished": "2021-08-11T22:55:37.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38586 (GCVE-0-2021-38586)
Vulnerability from nvd – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/98-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38586",
"datePublished": "2021-08-11T22:55:47.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38585 (GCVE-0-2021-38585)
Vulnerability from nvd – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/98-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38585",
"datePublished": "2021-08-11T22:55:59.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38584 (GCVE-0-2021-38584)
Vulnerability from nvd – Published: 2021-08-11 22:56 – Updated: 2024-08-04 01:44
VLAI
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:56:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/98-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38584",
"datePublished": "2021-08-11T22:56:10.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31803 (GCVE-0-2021-31803)
Vulnerability from nvd – Published: 2021-04-26 07:30 – Updated: 2024-08-03 23:10
VLAI
Summary
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/94-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/94-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T07:30:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/94-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/94-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/94-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31803",
"datePublished": "2021-04-26T07:30:54.000Z",
"dateReserved": "2021-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:10:30.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26267 (GCVE-0-2021-26267)
Vulnerability from nvd – Published: 2021-01-26 03:35 – Updated: 2024-08-03 20:19
VLAI
Summary
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/92-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T03:35:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/92-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26267",
"datePublished": "2021-01-26T03:35:35.000Z",
"dateReserved": "2021-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:19:20.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26266 (GCVE-0-2021-26266)
Vulnerability from nvd – Published: 2021-01-26 03:35 – Updated: 2024-08-03 20:19
VLAI
Summary
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/92-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T03:35:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/92-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26266",
"datePublished": "2021-01-26T03:35:43.000Z",
"dateReserved": "2021-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:19:20.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29137 (GCVE-0-2020-29137)
Vulnerability from nvd – Published: 2020-11-27 01:34 – Updated: 2024-08-04 16:48
VLAI
Summary
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-27T01:34:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/90-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29137",
"datePublished": "2020-11-27T01:34:12.000Z",
"dateReserved": "2020-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:48:01.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29136 (GCVE-0-2020-29136)
Vulnerability from nvd – Published: 2020-11-27 01:34 – Updated: 2024-08-04 16:48
VLAI
Summary
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
| https://news.cpanel.com/cpanel-tsr-2020-0007-full… | x_refsource_CONFIRM |
| https://www.digitaldefense.com/news/zero-day-cpan… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T17:09:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/90-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
},
{
"name": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/",
"refsource": "CONFIRM",
"url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/"
},
{
"name": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/",
"refsource": "MISC",
"url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29136",
"datePublished": "2020-11-27T01:34:24.000Z",
"dateReserved": "2020-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:48:01.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29135 (GCVE-0-2020-29135)
Vulnerability from nvd – Published: 2020-11-27 01:34 – Updated: 2024-08-04 16:48
VLAI
Summary
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-27T01:34:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/90-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/90-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29135",
"datePublished": "2020-11-27T01:34:02.000Z",
"dateReserved": "2020-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:48:01.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-41940 (GCVE-0-2026-41940)
Vulnerability from cvelistv5 – Published: 2026-04-29 15:10 – Updated: 2026-05-06 15:48Title
WebPros cPanel and WHM Authentication Bypass via Login Flow
Summary
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://support.cpanel.net/hc/en-us/articles/4007… | vendor-advisorypatch |
| https://docs.cpanel.net/release-notes/release-notes | release-notes |
| https://docs.wpsquared.com/changelogs/versions/ch… | release-notes |
| https://www.namecheap.com/status-updates/ongoing-… | third-party-advisory |
| https://www.vulncheck.com/advisories/cpanel-and-w… | third-party-advisory |
| https://github.com/watchtowrlabs/watchTowr-vs-cPa… | exploit |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| https://www.bleepingcomputer.com/news/security/cr… | |
| https://labs.watchtowr.com/the-internet-is-fallin… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| WebPros | cPanel |
Affected:
11.40.0.0 , < 11.86.0.41
(custom)
Affected: 11.88.0.0 , < 11.94.0.28 (custom) Affected: 11.96.0.0 , < 11.102.0.39 (custom) Affected: 11.104.0.0 , < 11.110.0.97 (custom) Affected: 11.112.0.0 , < 11.118.0.63 (custom) Affected: 11.120.0.0 , < 11.124.0.35 (custom) Affected: 11.126.0.0 , < 11.126.0.54 (custom) Affected: 11.128.0.0 , < 11.130.0.19 (custom) Affected: 11.132.0.0 , < 11.132.0.29 (custom) Affected: 11.134.0.0 , < 11.134.0.20 (custom) Affected: 11.136.0.0 , < 11.136.0.5 (custom) |
|
| WebPros | WP Squared |
Unaffected:
11.136.1.7
(custom)
|
|
| WebPros | WHM |
Affected:
11.40.0.0 , < 11.86.0.41
(custom)
Affected: 11.88.0.0 , < 11.94.0.28 (custom) Affected: 11.96.0.0 , < 11.102.0.39 (custom) Affected: 11.104.0.0 , < 11.110.0.97 (custom) Affected: 11.112.0.0 , < 11.118.0.63 (custom) Affected: 11.120.0.0 , < 11.124.0.35 (custom) Affected: 11.126.0.0 , < 11.126.0.54 (custom) Affected: 11.128.0.0 , < 11.130.0.19 (custom) Affected: 11.132.0.0 , < 11.132.0.29 (custom) Affected: 11.134.0.0 , < 11.134.0.20 (custom) Affected: 11.136.0.0 , < 11.136.0.5 (custom) |
Date Public
2026-04-28 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41940",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T03:55:47.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "CVE-2026-41940 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-04T16:13:16.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/"
},
{
"url": "https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "cPanel",
"vendor": "WebPros",
"versions": [
{
"lessThan": "11.86.0.41",
"status": "affected",
"version": "11.40.0.0",
"versionType": "custom"
},
{
"lessThan": "11.94.0.28",
"status": "affected",
"version": "11.88.0.0",
"versionType": "custom"
},
{
"lessThan": "11.102.0.39",
"status": "affected",
"version": "11.96.0.0",
"versionType": "custom"
},
{
"lessThan": "11.110.0.97",
"status": "affected",
"version": "11.104.0.0",
"versionType": "custom"
},
{
"lessThan": "11.118.0.63",
"status": "affected",
"version": "11.112.0.0",
"versionType": "custom"
},
{
"lessThan": "11.124.0.35",
"status": "affected",
"version": "11.120.0.0",
"versionType": "custom"
},
{
"lessThan": "11.126.0.54",
"status": "affected",
"version": "11.126.0.0",
"versionType": "custom"
},
{
"lessThan": "11.130.0.19",
"status": "affected",
"version": "11.128.0.0",
"versionType": "custom"
},
{
"lessThan": "11.132.0.29",
"status": "affected",
"version": "11.132.0.0",
"versionType": "custom"
},
{
"lessThan": "11.134.0.20",
"status": "affected",
"version": "11.134.0.0",
"versionType": "custom"
},
{
"lessThan": "11.136.0.5",
"status": "affected",
"version": "11.136.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "WP Squared",
"vendor": "WebPros",
"versions": [
{
"status": "unaffected",
"version": "11.136.1.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "WHM",
"vendor": "WebPros",
"versions": [
{
"lessThan": "11.86.0.41",
"status": "affected",
"version": "11.40.0.0",
"versionType": "custom"
},
{
"lessThan": "11.94.0.28",
"status": "affected",
"version": "11.88.0.0",
"versionType": "custom"
},
{
"lessThan": "11.102.0.39",
"status": "affected",
"version": "11.96.0.0",
"versionType": "custom"
},
{
"lessThan": "11.110.0.97",
"status": "affected",
"version": "11.104.0.0",
"versionType": "custom"
},
{
"lessThan": "11.118.0.63",
"status": "affected",
"version": "11.112.0.0",
"versionType": "custom"
},
{
"lessThan": "11.124.0.35",
"status": "affected",
"version": "11.120.0.0",
"versionType": "custom"
},
{
"lessThan": "11.126.0.54",
"status": "affected",
"version": "11.126.0.0",
"versionType": "custom"
},
{
"lessThan": "11.130.0.19",
"status": "affected",
"version": "11.128.0.0",
"versionType": "custom"
},
{
"lessThan": "11.132.0.29",
"status": "affected",
"version": "11.132.0.0",
"versionType": "custom"
},
{
"lessThan": "11.134.0.20",
"status": "affected",
"version": "11.134.0.0",
"versionType": "custom"
},
{
"lessThan": "11.136.0.5",
"status": "affected",
"version": "11.136.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.86.0.41",
"versionStartIncluding": "11.40.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.94.0.28",
"versionStartIncluding": "11.88.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.102.0.39",
"versionStartIncluding": "11.96.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.110.0.97",
"versionStartIncluding": "11.104.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.118.0.63",
"versionStartIncluding": "11.112.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.124.0.35",
"versionStartIncluding": "11.120.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.126.0.54",
"versionStartIncluding": "11.126.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.19",
"versionStartIncluding": "11.128.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.132.0.29",
"versionStartIncluding": "11.132.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.134.0.20",
"versionStartIncluding": "11.134.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.136.0.5",
"versionStartIncluding": "11.136.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.86.0.41",
"versionStartIncluding": "11.40.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.94.0.28",
"versionStartIncluding": "11.88.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.102.0.39",
"versionStartIncluding": "11.96.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.110.0.97",
"versionStartIncluding": "11.104.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.118.0.63",
"versionStartIncluding": "11.112.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.124.0.35",
"versionStartIncluding": "11.120.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.126.0.54",
"versionStartIncluding": "11.126.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.19",
"versionStartIncluding": "11.128.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.132.0.29",
"versionStartIncluding": "11.132.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.130.0.18",
"versionStartIncluding": "11.134.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:*:*:*",
"versionEndExcluding": "136.1.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"datePublic": "2026-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T15:48:18.270Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.cpanel.net/release-notes/release-notes"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.wpsquared.com/changelogs/versions/changelog/#13617"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WebPros cPanel and WHM Authentication Bypass via Login Flow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-41940",
"datePublished": "2026-04-29T15:10:37.899Z",
"dateReserved": "2026-04-22T18:50:43.621Z",
"dateUpdated": "2026-05-06T15:48:18.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66429 (GCVE-0-2025-66429)
Vulnerability from cvelistv5 – Published: 2025-12-11 00:00 – Updated: 2025-12-12 21:02
VLAI
Summary
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T21:00:50.056378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T21:02:05.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:29:15.564Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.cpanel.net/release-notes/release-notes/"
},
{
"url": "https://docs.cpanel.net/changelogs/126-change-log/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66429",
"datePublished": "2025-12-11T00:00:00.000Z",
"dateReserved": "2025-11-30T00:00:00.000Z",
"dateUpdated": "2025-12-12T21:02:05.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29489 (GCVE-0-2023-29489)
Vulnerability from cvelistv5 – Published: 2023-04-27 00:00 – Updated: 2024-08-02 14:07
VLAI
Summary
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpanel",
"vendor": "cpanel",
"versions": [
{
"lessThan": "11.109.9999.116",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cpanel:cpanel:11.109.9999.116:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpanel",
"vendor": "cpanel",
"versions": [
{
"status": "unaffected",
"version": "11.109.9999.116"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29489",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T03:55:38.487098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T13:00:06.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:L/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/"
},
{
"url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29489",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T14:07:46.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38584 (GCVE-0-2021-38584)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:56 – Updated: 2024-08-04 01:44
VLAI
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:56:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/98-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38584",
"datePublished": "2021-08-11T22:56:10.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38585 (GCVE-0-2021-38585)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/98-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38585",
"datePublished": "2021-08-11T22:55:59.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38586 (GCVE-0-2021-38586)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/98-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/98-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38586",
"datePublished": "2021-08-11T22:55:47.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38587 (GCVE-0-2021-38587)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38587",
"datePublished": "2021-08-11T22:55:37.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38588 (GCVE-0-2021-38588)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38588",
"datePublished": "2021-08-11T22:55:25.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38589 (GCVE-0-2021-38589)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:55 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:55:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38589",
"datePublished": "2021-08-11T22:55:12.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38590 (GCVE-0-2021-38590)
Vulnerability from cvelistv5 – Published: 2021-08-11 22:54 – Updated: 2024-08-04 01:44
VLAI
Summary
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T22:54:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/96-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/96-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38590",
"datePublished": "2021-08-11T22:54:59.000Z",
"dateReserved": "2021-08-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:23.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31803 (GCVE-0-2021-31803)
Vulnerability from cvelistv5 – Published: 2021-04-26 07:30 – Updated: 2024-08-03 23:10
VLAI
Summary
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/94-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/94-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T07:30:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/94-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/94-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/94-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31803",
"datePublished": "2021-04-26T07:30:54.000Z",
"dateReserved": "2021-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:10:30.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26266 (GCVE-0-2021-26266)
Vulnerability from cvelistv5 – Published: 2021-01-26 03:35 – Updated: 2024-08-03 20:19
VLAI
Summary
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/92-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T03:35:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/92-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26266",
"datePublished": "2021-01-26T03:35:43.000Z",
"dateReserved": "2021-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:19:20.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26267 (GCVE-0-2021-26267)
Vulnerability from cvelistv5 – Published: 2021-01-26 03:35 – Updated: 2024-08-03 20:19
VLAI
Summary
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/92-change-log/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T03:35:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cpanel.net/changelogs/92-change-log/",
"refsource": "MISC",
"url": "https://docs.cpanel.net/changelogs/92-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26267",
"datePublished": "2021-01-26T03:35:35.000Z",
"dateReserved": "2021-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:19:20.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201908-1388
Vulnerability from variot - Updated: 2024-11-23 23:01In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpanel",
"scope": "lt",
"trust": 2.4,
"vendor": "cpanel",
"version": "66.0.2"
},
{
"model": "cpanel",
"scope": "gte",
"trust": 1.0,
"vendor": "cpanel",
"version": "57.9999.48"
},
{
"model": "cpanel",
"scope": "gte",
"trust": 1.0,
"vendor": "cpanel",
"version": "61.9999.55"
},
{
"model": "cpanel",
"scope": "gte",
"trust": 1.0,
"vendor": "cpanel",
"version": "59.9999.58"
},
{
"model": "cpanel",
"scope": "lt",
"trust": 1.0,
"vendor": "cpanel",
"version": "60.0.45"
},
{
"model": "cpanel",
"scope": "lt",
"trust": 1.0,
"vendor": "cpanel",
"version": "62.0.27"
},
{
"model": "cpanel",
"scope": "lt",
"trust": 1.0,
"vendor": "cpanel",
"version": "58.0.52"
},
{
"model": "cpanel",
"scope": "gte",
"trust": 1.0,
"vendor": "cpanel",
"version": "55.9999.61"
},
{
"model": "cpanel",
"scope": "lt",
"trust": 1.0,
"vendor": "cpanel",
"version": "56.0.51"
},
{
"model": "cpanel",
"scope": "lt",
"trust": 1.0,
"vendor": "cpanel",
"version": "64.0.33"
},
{
"model": "cpanel",
"scope": "gte",
"trust": 1.0,
"vendor": "cpanel",
"version": "65.9999.38"
},
{
"model": "cpanel",
"scope": "gte",
"trust": 1.0,
"vendor": "cpanel",
"version": "63.9999.74"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cpanel:cpanel",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
}
]
},
"cve": "CVE-2017-18428",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2017-18428",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-26002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"id": "CVE-2017-18428",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18428",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2017-18428",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2019-26002",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-224",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
},
{
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18428"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "CNVD",
"id": "CNVD-2019-26002"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18428",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-26002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-224",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
},
{
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"id": "VAR-201908-1388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
}
]
},
"last_update_date": "2024-11-23T23:01:42.539000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "66 Change Log",
"trust": 0.8,
"url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
},
{
"title": "Patch for cPanel Information Disclosure Vulnerability (CNVD-2019-26002)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/173275"
},
{
"title": "cPanel Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18428"
},
{
"trust": 1.6,
"url": "https://documentation.cpanel.net/display/cl/66+change+log"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18428"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
},
{
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
},
{
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"date": "2019-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"date": "2019-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-224"
},
{
"date": "2019-08-02T16:15:12.537000",
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-26002"
},
{
"date": "2019-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014650"
},
{
"date": "2019-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-224"
},
{
"date": "2024-11-21T03:20:05.830000",
"db": "NVD",
"id": "CVE-2017-18428"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cPanel Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-224"
}
],
"trust": 0.6
}
}