CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,599 vulnerabilities with CWE-20
CVE-2017-18458 LOW
cPanel 55.9999.61-61.9999.999 - Unauthenticated File Overwrite via Account Rename
CVSS 3.3
CVE-2017-18453 MEDIUM
Cpanel < 56.0.49 - Improper Input Validation
CVSS 4.9
CVE-2017-18452 MEDIUM
cPanel 55.9999.61-64.0.20 - Remote Code Execution via Rails Configuration Files
CVSS 6.7
CVE-2017-18449 MEDIUM
cPanel < 56.0.49 - Unauthenticated File Rename via convert_roundcube_mysql2sqlite Script
CVSS 5.5
CVE-2017-18447 MEDIUM
cPanel < 56.0.49 - Authenticated Remote Code Execution via ClamScanner_getsocket API
CVSS 6.3
CVE-2017-18444 MEDIUM
cPanel < 56.0.49 - Unauthenticated SSH API Command Execution
CVSS 5.3
CVE-2017-18443 MEDIUM
cPanel 55.9999.61-56.0.49 - SSH Port Forwarding Access for Demo and Suspended Accounts
CVSS 5.8
CVE-2017-18440 MEDIUM
cPanel 56.0.1-56.0.49 - Authenticated Command Execution via API2 Traceroute
CVSS 4.3
CVE-2017-18439 MEDIUM
cPanel < 56.0.49 - Authenticated Remote Code Execution via ImageManager_dimensions API
CVSS 6.3
CVE-2017-18434 HIGH
cPanel 55.9999.61-64.0.20 - Remote Code Execution via SET_VHOST_LANG_PACKAGE Multilang Adminbin Call
CVSS 7.8
CVE-2017-18433 HIGH
cPanel 55.9999.61-64.0.20 - Remote Code Execution via store_filter API
CVSS 8.8
CVE-2017-18431 HIGH
cPanel 65.9999.38-65.9999.x - Improper Input Validation in Suspend/Unsuspend Operations
CVSS 7.5
CVE-2017-18430 MEDIUM
cPanel 55.9999.61-66.0.2 - Improper Input Validation in reassign_post_terminate_cruft
CVSS 4.7
CVE-2017-18415 HIGH
cPanel < 56.0.52 - Remote Code Execution via Mailman Environment Variable Injection
CVSS 7.8
CVE-2017-18411 MEDIUM
cPanel 55.9999.61-56.0.52 - Unauthenticated MySQL Database Exposure via Addon Domain Conversion
CVSS 6.8
CVE-2017-18410 MEDIUM
cPanel < 56.0.52 - Unauthenticated MySQL Database Exposure via Backup Archive
CVSS 6.5
CVE-2017-18409 MEDIUM
cPanel < 56.0.52 - Unauthenticated MySQL Database Exposure via Backup Interface
CVSS 6.5
CVE-2017-18405 MEDIUM
cPanel 61.9999.55-62.0.35 - Arbitrary File Read via Backup .htaccess Modification
CVSS 5.5
CVE-2017-18401 LOW
cPanel 61.9999.55-62.0.35 - Improper Input Validation in Username Creation
CVSS 2.7
CVE-2017-18398 LOW
cPanel 61.9999.55-61.9999.9999 - Unauthenticated Zone Creation via DnsUtils
CVSS 3.8
CVE-2017-18395 LOW
cPanel < 62.0.35 - Improper Input Validation
CVSS 2.7
CVE-2017-18394 LOW
cPanel < 62.0.35 - Improper Input Validation
CVSS 2.7
CVE-2017-18393 LOW
cPanel < 62.0.35 - Unauthenticated Private Email Reception via Postmaster Username
CVSS 2.7
CVE-2017-18392 LOW
cPanel 63.9999.74-64.0.41 - PostgreSQL Database Assignment Collision
CVSS 2.0
CVE-2017-18388 HIGH
cPanel 61.9999.55-61.9999.9999 - Unsafe File Operations via Jailshell Umask Misconfiguration
CVSS 7.8
Details
Vulnerabilities 12,599
Exploit Likelihood High