CVE-2017-18404

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
02/08/2019
Last modified:
13/08/2019

Description

cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* 61.9999.55 (including) 62.0.35 (excluding)
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* 63.9999.74 (including) 64.0.42 (excluding)
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* 65.9999.38 (including) 66.0.34 (excluding)
cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* 67.9999.64 (including) 68.0.15 (excluding)