Vulnerability CVE-2016-10810


Published: 2019-08-07

Description:
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).

Type: CWE-200 (Information Exposure)

Vendor: Cpanel
Product: Cpanel 
Version:
57.9999.48
56.0.9
56.0.8
56.0.5
56.0.3
56.0.14
56.0.13
56.0.1
55.9999.99
55.9999.89
55.9999.69
55.9999.61
55.9999.193
55.9999.190
55.9999.188
55.9999.184
55.9999.182
55.9999.181
55.9999.180
55.9999.177
55.9999.176
55.9999.173
55.9999.171
55.9999.168
55.9999.167
55.9999.166
55.9999.164
55.9999.163
55.9999.162
55.9999.161
55.9999.159
55.9999.156
55.9999.154
55.9999.152
55.9999.148
55.9999.146
55.9999.144
55.9999.142
55.9999.141
55.9999.137
55.9999.130
55.9999.124
55.9999.122
55.9999.120
55.9999.117
55.9999.114
55.9999.106
11.54.0.8
11.54.0.7
11.54.0.6
11.54.0.5
11.54.0.4
11.54.0.23
11.54.0.22
11.54.0.21
11.54.0.20
11.54.0.19
11.54.0.18
11.54.0.17
11.54.0.16
11.54.0.15
11.54.0.14
11.54.0.12
11.54.0.1
11.54.0.0
11.52.6.0
11.52.2.1
11.52.1.3
11.52.1.2
11.52.1.1
11.52.1.0
11.52.0.9
11.52.0.8
11.52.0.6
11.52.0.5
11.52.0.24
11.52.0.23
11.52.0.22
11.52.0.21
11.52.0.20
11.52.0.18
11.52.0.17
11.52.0.15
11.52.0.14
11.52.0.13
11.52.0.10
11.51.9999.98
11.51.9999.165
11.51.9999.163
11.51.9999.159
11.51.9999.149
11.51.9999.140
11.51.9999.128
11.51.9999.121
11.51.9999.116
11.51.9999.114
11.51.9999.113
11.51.9999.105
11.51.9999.101
11.50.1.2
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://documentation.cpanel.net/display/CL/58+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/

Related CVE
CVE-2019-17380
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVE-2019-17379
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
CVE-2019-17378
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
CVE-2019-17377
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
CVE-2019-17376
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
CVE-2019-17375
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
CVE-2016-10812
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
CVE-2016-10811
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).

Copyright 2019, cxsecurity.com

 
