Design/Logic Flaw

2019-08-0214:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).

CPENameOperatorVersion
cpanelge61.9999.55
cpanellt62.0.35
cpanelge63.9999.74
cpanellt64.0.42
cpanelge65.9999.38
cpanellt66.0.34
cpanelge67.9999.64
cpanellt68.0.15

Name	Operator	Version
cpanel	ge	61.9999.55
cpanel	lt	62.0.35
cpanel	ge	63.9999.74
cpanel	lt	64.0.42
cpanel	ge	65.9999.38
cpanel	lt	66.0.34
cpanel	ge	67.9999.64
cpanel	lt	68.0.15

References

documentation.cpanel.net/display/CL/68+Change+Log

news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/