cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).
Max CVSS
5.3
EPSS Score
0.10%
Published
2019-08-02
Updated
2019-08-08
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
Max CVSS
9.0
EPSS Score
0.09%
Published
2019-08-01
Updated
2019-08-07
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
Max CVSS
5.0
EPSS Score
0.96%
Published
2009-07-01
Updated
2017-09-19
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
Max CVSS
5.0
EPSS Score
2.12%
Published
2009-09-01
Updated
2018-10-11
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
Max CVSS
5.0
EPSS Score
0.73%
Published
2009-07-02
Updated
2018-10-11
5 vulnerabilities found