Code injection

2019-08-0216:15:00

PRIOn knowledge base

www.prio-n.com

0.0004 Low

EPSS

Percentile

12.8%

JSON

cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).

CPENameOperatorVersion
cpanelge55.9999.61
cpanellt56.0.49
cpanelge57.9999.48
cpanellt58.0.49
cpanelge59.9999.58
cpanellt60.0.43
cpanelge61.9999.55
cpanellt62.0.24
cpanelge63.9999.74
cpanellt64.0.21

Name	Operator	Version
cpanel	ge	55.9999.61
cpanel	lt	56.0.49
cpanel	ge	57.9999.48
cpanel	lt	58.0.49
cpanel	ge	59.9999.58
cpanel	lt	60.0.43
cpanel	ge	61.9999.55
cpanel	lt	62.0.24
cpanel	ge	63.9999.74
cpanel	lt	64.0.21

References

documentation.cpanel.net/display/CL/64+Change+Log

news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for PRION:CVE-2017-18434