Cpanel Security Vulnerabilities

CVE-2018-20918

cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).

CVE-2018-20919

cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).

CVE-2018-20920

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).

CVE-2018-20921

cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).

CVE-2018-20922

cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).

CVE-2018-20923

cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).

CVE-2018-20924

cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).

CVE-2018-20925

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).

CVE-2018-20926

cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).

CVE-2018-20927

cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).

CVE-2018-20928

cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).

CVE-2018-20929

cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).

CVE-2018-20930

cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).

CVE-2018-20931

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

CVE-2018-20932

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

CVE-2018-20933

cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).

CVE-2018-20934

cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).

CVE-2018-20935

cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).

CVE-2018-20936

cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).

CVE-2018-20938

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

CVE-2018-20939

cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).

CVE-2018-20940

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).

CVE-2018-20941

cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).

CVE-2018-20942

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).

CVE-2018-20943

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).

CVE-2018-20944

cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).

CVE-2018-20945

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

CVE-2018-20946

cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).

CVE-2018-20947

cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

CVE-2018-20948

cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).

CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).

CVE-2018-20950

cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).

CVE-2018-20951

cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).

CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).

CVE-2018-20953

cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).

CVE-2019-14386

cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).

CVE-2019-14387

cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).

CVE-2019-14388

cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).

CVE-2019-14389

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).

CVE-2019-14390

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).

CVE-2019-14391

cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).

CVE-2019-14392

cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).

CVE-2019-14393

cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).

CVE-2019-14394

cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).

CVE-2019-14395

cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).

CVE-2019-14396

API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).

CVE-2019-14397

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).

CVE-2019-14398

cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).

CVE-2019-14399

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).