Authentication flaw

2019-08-0114:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).

CPENameOperatorVersion
cpanelge71.9980.30
cpanellt72.0.10
cpanelge73.9980.0
cpanellt74.0.0
cpanelge69.9999.122
cpanellt70.0.53

Name	Operator	Version
cpanel	ge	71.9980.30
cpanel	lt	72.0.10
cpanel	ge	73.9980.0
cpanel	lt	74.0.0
cpanel	ge	69.9999.122
cpanel	lt	70.0.53

References

documentation.cpanel.net/display/CL/74+Change+Log

news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/