Skip to main content

Cpanel CVE-2020-29135

MEDIUM
Inappropriate Encoding for Output Context (CWE-838)
2020-11-27 cve@mitre.org
4.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.1 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 27, 2020 - 02:15 nvd
MEDIUM 4.1

DescriptionNVD

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

AnalysisAI

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-838. cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). Affected products include: Cpanel. Version information: before 90.0.17.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Cpanel

View all
CVE-2023-29489 MEDIUM POC
6.1 Apr 27

An issue was discovered in cPanel before 11.109.9999.116. Rated medium severity (CVSS 6.1), this vulnerability is remote

CVE-2018-16236 MEDIUM POC
6.1 Aug 30

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is

CVE-2020-26108 CRITICAL
9.8 Sep 25

cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). Rated critical severit

CVE-2020-26105 CRITICAL
9.8 Sep 25

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Rated critical severit

CVE-2020-26101 CRITICAL
9.8 Sep 25

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Rated critical severit

CVE-2020-26100 CRITICAL
9.8 Sep 25

chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). Rated critical severity (CVSS 9.8), this vulnerability

CVE-2020-26098 CRITICAL
9.8 Sep 25

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). Rated critical severit

CVE-2020-10121 CRITICAL
9.8 Mar 17

cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). Rated critical s

CVE-2020-10119 CRITICAL
9.8 Mar 17

cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Rated c

CVE-2020-10118 CRITICAL
9.1 Mar 17

cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). Rated critical severity (C

CVE-2020-10117 CRITICAL
9.1 Mar 17

cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). Rated critical sever

CVE-2019-17375 HIGH
8.8 Oct 09

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).

Share

CVE-2020-29135 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy