Summaryinfo

A vulnerability classified as critical was found in cPanel up to 55.9999.140. Affected is an unknown function of the component ACL. Such manipulation leads to access control. This vulnerability is referenced as CVE-2016-10830. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability, which was classified as critical, has been found in cPanel up to 55.9999.140 (Hosting Control Software). Affected by this issue is an unknown function of the component ACL. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality, integrity, and availability. CVE summarizes:

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

The weakness was published 08/01/2019. This vulnerability is handled as CVE-2016-10830 since 07/31/2019. The exploitation is known to be easy. The attack may be launched remotely. The successful exploitation requires a simple authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.

Upgrading to version 55.9999.141 eliminates this vulnerability.

Similar entries are available at VDB-139159, VDB-139164, VDB-139163 and VDB-139162. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Hosting Control Software

Name

• cPanel

Version

• 55.9999.140

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion