CVE-2018-20912

MEDIUM

cPanel < 70.0.23 - Authenticated Remote Code Execution via awstats

Title source: llm

cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).

Core 1

Core References

Release Notes, Vendor Advisory x_refsource_confirm

CVSS v3 6.3

EPSS 0.0091

EPSS Percentile 76.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-20

Status published

Products (1)

cpanel/cpanel < 70.0.23

Published Aug 01, 2019

Tracked Since Feb 18, 2026