cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cpanel | Cpanel | 61.9999.55 (including) | 62.0.39 (excluding) |
Cpanel | Cpanel | 65.9999.38 (including) | 66.0.35 (excluding) |
Cpanel | Cpanel | 67.9999.64 (including) | 68.0.27 (excluding) |