Code injection

2019-08-0214:15:00

PRIOn knowledge base

www.prio-n.com

4.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

CPENameOperatorVersion
cpanelge61.9999.55
cpanellt62.0.35
cpanelge63.9999.74
cpanellt64.0.42
cpanelge65.9999.38
cpanellt66.0.34
cpanelge67.9999.64
cpanellt68.0.15

Name	Operator	Version
cpanel	ge	61.9999.55
cpanel	lt	62.0.35
cpanel	ge	63.9999.74
cpanel	lt	64.0.42
cpanel	ge	65.9999.38
cpanel	lt	66.0.34
cpanel	ge	67.9999.64
cpanel	lt	68.0.15

References

documentation.cpanel.net/display/CL/68+Change+Log

news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/