XXE Vulnerability in cPanel's WHM Locale Upload Feature
CVE-2021-38584
7.2HIGH
Summary
The WHM Locale Upload feature in cPanel prior to version 98.0.1 is susceptible to XXE attacks. By exploiting this vulnerability, an attacker could manipulate XML input to access sensitive data or execute unauthorized actions within the application, significantly compromising the security integrity of the server.
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved