MySQL User Password Vulnerability in cPanel by cPanel
CVE-2021-26267

7.5HIGH

Key Information:

Vendor
Cpanel
Status
Cpanel
Vendor
CVE Published:
26 January 2021

Summary

A vulnerability exists in cPanel that allows a MySQL user utilizing an outdated password hash to bypass the suspension mechanism, which could pose security risks and lead to unauthorized access. This flaw has been documented in version 92.0.9 and earlier, emphasizing the importance of updating to mitigate such risks. Admins should ensure that their systems are updated promptly to close this vulnerability.

References

https://docs.cpanel.net/changelogs/92-change-log/
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.