Multiple vulnerabilities in cPanel, cPanel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2016-10776 CVE-2016-10777 CVE-2016-10778 CVE-2016-10779 CVE-2016-10780 CVE-2016-10781 CVE-2016-10782 CVE-2016-10783 CVE-2016-10784 CVE-2016-10785 CVE-2016-10786 CVE-2016-10787 CVE-2016-10788 CVE-2016-10789 CVE-2016-10790 CVE-2016-10767 CVE-2016-10768 CVE-2016-10769 CVE-2016-10770 CVE-2016-10771 CVE-2016-10772 CVE-2016-10773 CVE-2016-10774 CVE-2016-10775 |
| CWE-ID | CWE-79 CWE-200 CWE-20 CWE-601 CWE-254 CWE-134 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
cPanel Web applications / Remote management & hosting panels |
| Vendor | cPanel, Inc |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU30840
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10776
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU30841
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10777
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU30842
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10778
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU30843
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10779
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU30844
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10780
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cross-site scripting
EUVDB-ID: #VU30845
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10781
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting
EUVDB-ID: #VU30846
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10782
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Cross-site scripting
EUVDB-ID: #VU30847
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10783
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cross-site scripting
EUVDB-ID: #VU30848
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10784
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU30849
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10785
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU30850
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10786
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU30851
Risk: High
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10787
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU30852
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10788
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU30853
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10789
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Information disclosure
EUVDB-ID: #VU30854
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10790
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Cross-site scripting
EUVDB-ID: #VU30868
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10767
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 60.0.25.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU30869
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10768
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Open redirect
EUVDB-ID: #VU30870
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10769
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU30871
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10770
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU30872
Risk: High
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10771
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Security Features
EUVDB-ID: #VU30873
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10772
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to manipulate data.
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Format string error
EUVDB-ID: #VU30874
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10773
CWE-ID:
CWE-134 - Use of Externally-Controlled Format String
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Cross-site scripting
EUVDB-ID: #VU30875
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10774
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU30876
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10775
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.60.0.3 - 11.60.0.24
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.60.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.60.0.5:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/60+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
