First published: Tue Mar 17 2020(Updated: )
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cpanel Cpanel | <84.0.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10120 is a vulnerability in cPanel that allows resellers to achieve remote code execution as root via a cpsrvd rsync shell.
CVE-2020-10120 is considered critical with a severity rating of 7.2.
cPanel versions up to and excluding 84.0.20 are affected by CVE-2020-10120.
Resellers can exploit CVE-2020-10120 by using a cpsrvd rsync shell to achieve remote code execution as root.
Yes, the fix for CVE-2020-10120 is included in cPanel version 84.0.20.