← Back

CVE-2017-18457

nvd nist
Published: Aug 2, 2019Modified: Nov 21, 2024

JSON object

Loading...
4.4
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 / Impact: 3.6
Source: NVD

Description

cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).

Affected (4)

Products: Cpanel: Cpanel
Cpanel
1 product
Cpanel
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Cpanel
Cpanel
From 55.9999.61 to 56.0.46
Cpanel
From 57.9999.48 to 58.0.45
Cpanel
From 59.9999.58 to 60.0.39
Cpanel
From 61.9999.55 to 62.0.17

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

Source: cve@mitre.org
ProductRelease Notes
Source: nvd@nist.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductRelease Notes

Timeline

No history available yet.