Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cpanel cpanel vulnerabilities and exploits
(subscribe to this query)
774
VMScore
CVE-2016-10804
The SQLite journal feature in cPanel prior to 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
Cpanel Cpanel
756
VMScore
CVE-2016-10837
cPanel prior to 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
Cpanel Cpanel
756
VMScore
CVE-2016-10846
cPanel prior to 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
Cpanel Cpanel
755
VMScore
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote malicious users to bypass authentication by providing arbitrary username and password pa...
Egyplus 7ammel
1 EDB exploit
755
VMScore
CVE-2006-6566
PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote malicious users to execute arbitrary PHP code via a URL in the module_root_path parameter.
Mxbb Mxbb 0.91c
1 EDB exploit
725
VMScore
CVE-2004-0490
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execut...
Cpanel Cpanel 5.3
Cpanel Cpanel 6.0
Cpanel Cpanel 9.0
Cpanel Cpanel 9.1
Cpanel Cpanel 6.4.1
Cpanel Cpanel 6.4.2
Cpanel Cpanel 6.2
Cpanel Cpanel 6.4
Cpanel Cpanel 9.1.0 R85
Cpanel Cpanel 5.0
Cpanel Cpanel 6.4.2 Stable 48
Cpanel Cpanel 7.0
Cpanel Cpanel 8.0
1 EDB exploit
703
VMScore
CVE-2018-20945
bin/csvprocess in cPanel prior to 68.0.27 allows insecure file operations (SEC-354).
Cpanel Cpanel
694
VMScore
CVE-2007-3367
Simple CGI Wrapper (scgiwrap) in cPanel prior to 10.9.1, and 11.x prior to 11.4.19-R14378, allows remote malicious users to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the deta...
Cpanel Cpanel
685
VMScore
CVE-2008-6926
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action....
Netenberg Fantastico De Luxe
1 EDB exploit
685
VMScore
CVE-2009-2167
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Egyplus 7ammel
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »