← Back

Cpanel

cpanel

426 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Cpanel
cpanel
417 CVEs
Webhost Manager
webhost_manager
5 CVEs
Cgiecho
cgiecho
3 CVEs
Cgiemail
cgiemail
3 CVEs
Whm
whm
3 CVEs
Wp Squared
wp_squared
1 CVE

CVEs (426)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-14394
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
CVE-2019-14393
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
5.3 MEDIUM· v3
4.6 MEDIUM· v2
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
CVE-2018-20870
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
CVE-2018-20869
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
CVE-2018-20868
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
CVE-2018-20866
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
CVE-2018-20865
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
CVE-2018-20864
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).
CVE-2018-20863
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
CVE-2018-20862
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
7.8 HIGH· v3
2.1 LOW· v2
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
CVE-2019-14392
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
CVE-2018-20867
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
CVE-2019-14391
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
CVE-2019-14390
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
CVE-2019-14389
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
7.8 HIGH· v3
2.1 LOW· v2
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
CVE-2019-14388
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
CVE-2019-14387
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
CVE-2019-14386
1Cpanel
1Cpanel
Nov 21, 2024
Jul 30, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
CVE-2018-16236
1Cpanel
1Cpanel
Nov 21, 2024
Aug 30, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
CVE-2017-11441
1Cpanel
1Whm
May 13, 2026
Jul 19, 2017
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.