Multiple vulnerabilities in cPanel, cPanel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2016-10837 CVE-2016-10838 CVE-2016-10839 CVE-2016-10840 CVE-2016-10842 CVE-2016-10843 CVE-2016-10844 CVE-2016-10845 CVE-2016-10847 CVE-2016-10848 CVE-2016-10849 CVE-2016-10850 CVE-2016-10851 CVE-2016-10852 CVE-2016-10853 CVE-2016-10854 CVE-2016-10855 |
| CWE-ID | CWE-426 CWE-284 CWE-89 CWE-20 CWE-77 CWE-200 CWE-74 CWE-285 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
cPanel Web applications / Remote management & hosting panels |
| Vendor | cPanel, Inc |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU30957
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10837
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU30958
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10838
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) SQL injection
EUVDB-ID: #VU30959
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10839
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in bin/horde_update_usernames (SEC-71) in cPanel before 11.54.0.4. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationUpdate to version 11.54.0.4.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Exposure of Resource to Wrong Sphere
EUVDB-ID: #VU30960
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10840
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU30961
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10842
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Command Injection
EUVDB-ID: #VU30962
Risk: High
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10843
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU30963
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10844
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU30964
Risk: High
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10845
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU30965
Risk: High
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10847
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Authorization
EUVDB-ID: #VU30966
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10848
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Command Injection
EUVDB-ID: #VU30967
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10849
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU30968
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10850
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Cross-site scripting
EUVDB-ID: #VU30969
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10851
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper access control
EUVDB-ID: #VU30970
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-10852
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Cross-site scripting
EUVDB-ID: #VU30971
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10853
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 11.54.0.4.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Cross-site scripting
EUVDB-ID: #VU30972
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10854
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU30973
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-10855
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
MitigationInstall update from vendor's website.
Vulnerable software versionscPanel: 11.54.0.0 - 11.54.0.3
CPE2.3- cpe:2.3:a:cpanel:cpanel:11.54.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cpanel:cpanel:11.54.0.2:*:*:*:*:*:*:*
https://documentation.cpanel.net/display/CL/54+Change+Log
https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
