cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6e004cce2c32f8e48b868e66b89f82da4887dc3. It is recommended to apply a patch to fix this issue.
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.