Code injection

2019-08-0713:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.2%

JSON

cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).

CPENameOperatorVersion
cpanelge55.9999.61
cpanellt56.0.27
cpanelge57.9999.48
cpanellt58.0.4
cpanelge11.54.0.0
cpanellt11.54.0.26
cpanelge11.51.9999.98
cpanellt11.52.6.2

Name	Operator	Version
cpanel	ge	55.9999.61
cpanel	lt	56.0.27
cpanel	ge	57.9999.48
cpanel	lt	58.0.4
cpanel	ge	11.54.0.0
cpanel	lt	11.54.0.26
cpanel	ge	11.51.9999.98
cpanel	lt	11.52.6.2

References

documentation.cpanel.net/display/CL/58+Change+Log

news.cpanel.com/cpanel-tsr-2016-0004-full-disclosure/