Command injection

2019-08-0119:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.6%

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

CPENameOperatorVersion
cpanelge11.50.0.4
cpanellt11.50.5.2
cpanelge11.54.0.0
cpanellt11.54.0.20
cpanelge11.52.0.5
cpanellt11.52.4.1

Name	Operator	Version
cpanel	ge	11.50.0.4
cpanel	lt	11.50.5.2
cpanel	ge	11.54.0.0
cpanel	lt	11.54.0.20
cpanel	ge	11.52.0.5
cpanel	lt	11.52.4.1

References

documentation.cpanel.net/display/CL/56+Change+Log

news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/