6.7

CVE-2018-20925

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CpanelCpanel Version >= 61.9999.55 < 62.0.42
CpanelCpanel Version >= 67.9999.64 < 68.0.33
CpanelCpanel Version >= 69.9999.122 < 70.0.23
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.122
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://documentation.cpanel.net/display/CL/70+Change+Log
Third Party Advisory
Vendor Advisory