15 matches found
Unspecified vulnerability in cPanel (CNVD-2021-37214)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 84.0.20. No detailed vulnerability details are provided at this ti...
cPanel Remote Code Execution Vulnerability
cPanel is a Web-based host control management system from the U.S. company cPanel. A remote code execution vulnerability exists in cPanel versions prior to 84.0.20. An attacker can exploit this vulnerability to remotely execute code as root via the cpsrvd rsync shell...
cPanel Arbitrary File Deletion Vulnerability
cPanel is a Web-based host control management system from the U.S. company cPanel. An arbitrary file deletion vulnerability exists in versions of cPanel prior to 84.0.20. An attacker can exploit this vulnerability to delete arbitrary files via webmail or demo account...
cPanel Code Execution Vulnerability (CNVD-2020-18566)
cPanel is a Web-based host control management system from the U.S. company cPanel. A code execution vulnerability exists in cPanel versions prior to 84.0.20. An attacker can exploit this vulnerability to achieve code execution via the PassengerApps API using a demo account...
cPanel Remote Code Execution Vulnerability (CNVD-2020-18555)
cPanel is a Web-based host control management system from the U.S. company cPanel. A remote code execution vulnerability exists in cPanel versions prior to 84.0.20. The vulnerability can be exploited to achieve remote code execution via the cpsrvd rsync shell using a demo account...
CVE-2020-10116
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541)...
CVE-2020-10115
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin (SEC-537)...
CVE-2020-10116
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541)...
CVE-2020-10117
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542)...
Design/Logic Flaw
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515)...
CVE-2020-10122
CVE-2020-10122 affects cPanel prior to 84.0.20; a webmail or demo account can delete arbitrary files (SEC-547). Connected sources confirm the issue and affected versions, but do not provide explicit remediation details in the documents. The exact fix/version beyond “before 84.0.20” is not specifi...
CVE-2020-10121
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546)...
CVE-2020-10119
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544)...
CVE-2020-10117
CVE-2020-10117 affects cPanel prior to 84.0.20, where enforcement of demo checks in the Market UAPI namespace is mishandled (SEC-542). The issue enables weaknesses in access/validation that could impact confidentiality and integrity (per CVSS3.1: High, with Network access and no user interaction)...
CVE-2020-10113
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515)...