Skip to main content
CVE-2020-10121 CRITICAL Act Now

cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-10119 CRITICAL Act Now

cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-10380 CRITICAL Act Now

RMySQL through 0.10.19 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rmysql
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-10118 CRITICAL Act Now

cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2020-10117 CRITICAL Act Now

cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy