CVE-2017-18468

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API SEC-232...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

cPanel Jailshell Escape Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. A Jailshell escape vulnerability exists in chsh in cPanel versions prior to 88.0.3. No detailed vulnerability details are provided at this time...

CVE-2020-26109

cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification SEC-557...

CVE-2020-10117

cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace SEC-542...

cPanel cross-site scripting vulnerability (CNVD-2020-03741)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in versions prior to cPanel 70.0.23. The vulnerability stems from a lack of proper...

cPanel Authorization Issues Vulnerability (CNVD-2019-29023)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in versions prior to cPanel 55.9999.141. The vulnerability stems from a lack...

cPanel cross-site scripting vulnerability (CNVD-2019-29011)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the WHM Spamd Startup Config in versions prior to cPanel 68.0.27. The vulnerabilit...

CVE-2016-10803

cPanel before 57.9999.105 allows newline injection via LOC records CPANEL-6923...

cPanel Authorization Issues Vulnerability (CNVD-2019-29611)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in versions prior to cPanel 67.9999.103. The vulnerability stems from a lack...

cPanel Code Execution Vulnerability (CNVD-2019-26349)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A code execution vulnerability exists in versions of cPanel prior to 62.0.17. An attacker can exploit this vulnerability to execu...

cPanel Input Validation Error Vulnerability (CNVD-2019-29621)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 11.54.0.4. The vulnerability can be exploited by an attacker to execu...

CVE-2017-18454

cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface SEC-262...

CVE-2017-18458

cPanel before 62.0.17 allows file overwrite when renaming an account SEC-219...

CVE-2017-18426

cPanel before 66.0.2 allows resellers to read other accounts' domain log files SEC-288...

CVE-2018-20948

cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration SEC-383...

CVE-2018-20905

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction SEC-429...

CVE-2018-20873

cPanel before 74.0.8 allows local users to disable the ClamAV daemon SEC-409...

cPanel cross-site scripting vulnerability (CNVD-2019-26367)

cPanel is a set of the most prestigious commercial software in the web hosting industry, which is based on Linux and BSD system, developed in PHP and closed-source software in nature, providing powerful and quite complete hosting management functions. A stored cross-site scripting vulnerability...

CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing SEC-493...