OpenID Injection Vulnerability in cPanel (SEC-368)

CVE-2018-20914 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:N

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

Learn more about our Web Application Penetration Testing UK.