Vulnerability CVE-2016-10817


Published: 2019-08-01   Modified: 2019-08-02

Description:
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).

Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Cpanel
Product: Cpanel 
Version:
56.0.9
56.0.8
56.0.5
56.0.3
56.0.14
56.0.13
56.0.1
11.54.0.8
11.54.0.7
11.54.0.6
11.54.0.5
11.54.0.4
11.54.0.23
11.54.0.22
11.54.0.21
11.54.0.20
11.54.0.19
11.54.0.18
11.54.0.17
11.54.0.16
11.54.0.15
11.54.0.14
11.54.0.12
11.54.0.1
11.54.0.0
11.52.6.0
11.50.1.2
11.50.1.1
11.50.0.9
11.50.0.7
11.50.0.6
11.50.0.4
11.50.0.30
11.50.0.29
11.50.0.27
11.50.0.25
11.50.0.23
11.50.0.22
11.50.0.20
11.50.0.19
11.50.0.17
11.50.0.15
11.50.0.14
11.50.0.12
11.50.0.10

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://documentation.cpanel.net/display/CL/58+Change+Log
https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/

Related CVE
CVE-2016-10812
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
CVE-2016-10811
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
CVE-2016-10810
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
CVE-2016-10809
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
CVE-2016-10808
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
CVE-2016-10807
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
CVE-2016-10806
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
CVE-2016-10805
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).

Copyright 2019, cxsecurity.com

 
