HIGH🇵🇱 Wersja polska

CVE-2016-10846

CVSS 8.1v3.0pub. 2019-08-01upd. 2024-11-21

cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Cpanel

    APP
    Cpanel
    11.48.0.5 – 11.48.5.2 (bez)11.50.0.4 – 11.50.4.3 (bez)11.51.9999.98 – 11.52.2.4 (bez)11.54.0.0 – 11.54.0.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-41940CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Authentication bypass w cPanel/WHM — nieautoryzowany dostęp do panelu

CVE-2020-26105CRITICAL9.8ten sam produkt

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).

CVE-2020-26098CRITICAL9.8ten sam produkt

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).

CVE-2020-26100CRITICAL9.8ten sam produkt

chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).

CVE-2020-26101CRITICAL9.8ten sam produkt

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).