“the vulnerability and proof of concept exploitation code against internet - exposed cpanel or webhost manager ( whm ). the entire exploit chain requires only a small number of http requests and no valid credentials, after which full whm api access provides root - level remote cod…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
99%
“fixed version 11. 86. 0. 41 - cpanel & whm 11. 110. 0 versions prior to fixed version 11. 110. 0. 97 - cpanel & whm 11. 118. 0 versions prior to fixed version 11. 118. 0. 63 - cpanel & whm 11. 126. 0 versions prior to fixed version 11. 126. 0. 54 - cpanel & whm 11. 130. 0 version…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
98%
“allow for remote code execution. details of the vulnerability are as follows : tactic : initial access ( ta0001 ) : technique : exploit public - facing application ( t1190 ) : - cpanel and whm versions after 11. 40 contain an authentication bypass vulnerability in the login flow …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
54%
“a vulnerability in whm cpanel and wp squared could allow for remote code execution a vulnerability in whm cpanel and wp squared could allow for remote code execution ms - isac advisory number : 2026 - 042date ( s ) issued : 05 / 04 / 2026overview : a vulnerability has been discov…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1078.001Default Accounts
45%
“of least privilege to all systems and services. run all software as a non - privileged user ( one without administrative privileges ) to diminish the effects of a successful attack. ( m1026 : privileged account management ) - safeguard 4. 7 : manage default accounts on enterprise…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
A vulnerability has been discovered in WHM, cPanel, and WP Squared that could allow for remote code execution. WHM, cPanel, and WP Squared are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides administrator access to the website backend, webmail, and databases. Successful exploitation could allow unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access to the affected systems, ultimately leading to remote code execution.