Security Vulnerabilities - CVEs Published In March 2020
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).
CVSS Score
9.8
EPSS Score
0.006
Published
2020-03-17
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
CVSS Score
6.5
EPSS Score
0.005
Published
2020-03-17
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
CVSS Score
5.4
EPSS Score
0.012
Published
2020-03-17
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
CVSS Score
3.3
EPSS Score
0.001
Published
2020-03-17
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
CVSS Score
6.5
EPSS Score
0.004
Published
2020-03-17
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-17
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-03-17
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-17
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17