Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cpanel cpanel vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-38584
The WHM Locale Upload feature in cPanel prior to 98.0.1 allows XXE attacks (SEC-585).
Cpanel Cpanel
8.1
CVSSv3
CVE-2021-38589
In cPanel prior to 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
Cpanel Cpanel
NA
CVE-2006-2825
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script tha...
Cpanel Cpanel
4.1
CVSSv3
CVE-2020-29135
cPanel prior to 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Cpanel Cpanel
6.1
CVSSv3
CVE-2020-29137
cPanel prior to 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
Cpanel Cpanel
NA
CVE-2007-3366
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel prior to 10.9.1, and 11.x prior to 11.4.19-R14378, allows remote malicious users to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the detail...
Cpanel Cpanel
NA
CVE-2007-3367
Simple CGI Wrapper (scgiwrap) in cPanel prior to 10.9.1, and 11.x prior to 11.4.19-R14378, allows remote malicious users to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the deta...
Cpanel Cpanel
6.1
CVSSv3
CVE-2017-5614
Open redirect vulnerability in cgiemail and cgiecho allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
Cpanel Cpanel
8.8
CVSSv3
CVE-2019-20490
cPanel prior to 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
Cpanel Cpanel
5.4
CVSSv3
CVE-2019-20491
cPanel prior to 82.0.18 allows malicious users to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
Cpanel Cpanel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »