SB2019080114 - Multiple vulnerabilities in cPanel, cPanel
Published: August 1, 2019 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2016-10837)
The vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
2) Improper access control (CVE-ID: CVE-2016-10838)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
3) SQL injection (CVE-ID: CVE-2016-10839)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in bin/horde_update_usernames (SEC-71) in cPanel before 11.54.0.4. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
4) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2016-10840)
The vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
5) Input validation error (CVE-ID: CVE-2016-10842)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
6) Command Injection (CVE-ID: CVE-2016-10843)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
7) Information disclosure (CVE-ID: CVE-2016-10844)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
8) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2016-10845)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
9) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2016-10847)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
10) Improper Authorization (CVE-ID: CVE-2016-10848)
The vulnerability allows a remote privileged user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
11) Command Injection (CVE-ID: CVE-2016-10849)
The vulnerability allows a remote authenticated user to manipulate data.
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
12) Input validation error (CVE-ID: CVE-2016-10850)
The vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
13) Cross-site scripting (CVE-ID: CVE-2016-10851)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
14) Improper access control (CVE-ID: CVE-2016-10852)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
15) Cross-site scripting (CVE-ID: CVE-2016-10853)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
16) Cross-site scripting (CVE-ID: CVE-2016-10854)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
17) Input validation error (CVE-ID: CVE-2016-10855)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
Remediation
Install update from vendor's website.