cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cpanel | Cpanel | 69.9999.122 (including) | 70.0.53 (excluding) |
Cpanel | Cpanel | 71.9980.30 (including) | 72.0.10 (excluding) |
Cpanel | Cpanel | 73.9980.0 (including) | 74.0.0 (excluding) |