Cpanel : Security Vulnerabilities, CVEs, CVSS score between 5 and 7.99

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).

cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).

cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).

cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).

In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).

In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).

cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).

cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).

cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).

cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).

cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).

cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).

cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).

Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.

cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).

cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).

cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).