CVE-2008-2071

Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html
http://secunia.com/advisories/30166
http://securityreason.com/securityalert/3866
http://www.securityfocus.com/archive/1/491864/100/0/threaded
http://www.securityfocus.com/bid/29125
http://www.vupen.com/english/advisories/2008/1522/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42306
http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html
http://secunia.com/advisories/30166
http://securityreason.com/securityalert/3866
http://www.securityfocus.com/archive/1/491864/100/0/threaded
http://www.securityfocus.com/bid/29125
http://www.vupen.com/english/advisories/2008/1522/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42306

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cpanel:cpanel:11.18:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.1:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.2:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.3:::::::*
	cpe:2.3:a:cpanel:cpanel:11.22:::::::*
	cpe:2.3:a:cpanel:cpanel:11.22.1:::::::*
	cpe:2.3:a:cpanel:cpanel:11.22.2:::::::*

History

21 Nov 2024, 00:46

Type	Values Removed	Values Added
References	~~() http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 -~~	() http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 -
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html -
References	~~() http://secunia.com/advisories/30166 -~~	() http://secunia.com/advisories/30166 -
References	~~() http://securityreason.com/securityalert/3866 -~~	() http://securityreason.com/securityalert/3866 -
References	~~() http://www.securityfocus.com/archive/1/491864/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/491864/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/29125 -~~	() http://www.securityfocus.com/bid/29125 -
References	~~() http://www.vupen.com/english/advisories/2008/1522/references -~~	() http://www.vupen.com/english/advisories/2008/1522/references -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/42306 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/42306 -

07 Nov 2023, 02:02

Type	Values Removed	Values Added
References	{'url': 'http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2', 'name': 'http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2', 'tags': [], 'refsource': 'CONFIRM'}	() http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 -

Information

Published : 2008-05-12 16:20

Updated : 2025-04-09 00:30

NVD link : CVE-2008-2071

Mitre link : CVE-2008-2071

CVE.ORG link : CVE-2008-2071

JSON object : View

Products Affected

cpanel

cpanel

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

4.3 /10