The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,599 vulnerabilities with CWE-20
CVE-2017-18458
LOW
cPanel 55.9999.61-61.9999.999 - Unauthenticated File Overwrite via Account Rename
CVSS 3.3
CVE-2017-18453
MEDIUM
Cpanel < 56.0.49 - Improper Input Validation
CVSS 4.9
CVE-2017-18452
MEDIUM
cPanel 55.9999.61-64.0.20 - Remote Code Execution via Rails Configuration Files
CVSS 6.7
CVE-2017-18449
MEDIUM
cPanel < 56.0.49 - Unauthenticated File Rename via convert_roundcube_mysql2sqlite Script
CVSS 5.5
CVE-2017-18447
MEDIUM
cPanel < 56.0.49 - Authenticated Remote Code Execution via ClamScanner_getsocket API
CVSS 6.3
CVE-2017-18444
MEDIUM
cPanel < 56.0.49 - Unauthenticated SSH API Command Execution
CVSS 5.3
CVE-2017-18443
MEDIUM
cPanel 55.9999.61-56.0.49 - SSH Port Forwarding Access for Demo and Suspended Accounts
CVSS 5.8
CVE-2017-18440
MEDIUM
cPanel 56.0.1-56.0.49 - Authenticated Command Execution via API2 Traceroute
CVSS 4.3
CVE-2017-18439
MEDIUM
cPanel < 56.0.49 - Authenticated Remote Code Execution via ImageManager_dimensions API
CVSS 6.3
CVE-2017-18434
HIGH
cPanel 55.9999.61-64.0.20 - Remote Code Execution via SET_VHOST_LANG_PACKAGE Multilang Adminbin Call
CVSS 7.8
CVE-2017-18433
HIGH
cPanel 55.9999.61-64.0.20 - Remote Code Execution via store_filter API
CVSS 8.8
CVE-2017-18431
HIGH
cPanel 65.9999.38-65.9999.x - Improper Input Validation in Suspend/Unsuspend Operations
CVSS 7.5
CVE-2017-18430
MEDIUM
cPanel 55.9999.61-66.0.2 - Improper Input Validation in reassign_post_terminate_cruft
CVSS 4.7
CVE-2017-18415
HIGH
cPanel < 56.0.52 - Remote Code Execution via Mailman Environment Variable Injection
CVSS 7.8
CVE-2017-18411
MEDIUM
cPanel 55.9999.61-56.0.52 - Unauthenticated MySQL Database Exposure via Addon Domain Conversion
CVSS 6.8
CVE-2017-18410
MEDIUM
cPanel < 56.0.52 - Unauthenticated MySQL Database Exposure via Backup Archive
CVSS 6.5
CVE-2017-18409
MEDIUM
cPanel < 56.0.52 - Unauthenticated MySQL Database Exposure via Backup Interface
CVSS 6.5
CVE-2017-18405
MEDIUM
cPanel 61.9999.55-62.0.35 - Arbitrary File Read via Backup .htaccess Modification
CVSS 5.5
CVE-2017-18401
LOW
cPanel 61.9999.55-62.0.35 - Improper Input Validation in Username Creation
CVSS 2.7
CVE-2017-18398
LOW
cPanel 61.9999.55-61.9999.9999 - Unauthenticated Zone Creation via DnsUtils
CVSS 3.8
CVE-2017-18395
LOW
cPanel < 62.0.35 - Improper Input Validation
CVSS 2.7
CVE-2017-18394
LOW
cPanel < 62.0.35 - Improper Input Validation
CVSS 2.7
CVE-2017-18393
LOW
cPanel < 62.0.35 - Unauthenticated Private Email Reception via Postmaster Username
CVSS 2.7
CVE-2017-18392
LOW
cPanel 63.9999.74-64.0.41 - PostgreSQL Database Assignment Collision
CVSS 2.0
CVE-2017-18388
HIGH
cPanel 61.9999.55-61.9999.9999 - Unsafe File Operations via Jailshell Umask Misconfiguration
CVSS 7.8
Details
Vulnerabilities
12,599
Exploit Likelihood
High