PT-2004-2673 · Cpanel · Cpanel
Publicado
2004-03-11
·
Atualizado
2017-07-11
·
CVE-2004-1769
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
cPanel versions 8.x through 9.1.0 build 34
Description
The issue allows remote attackers to execute arbitrary code via the
user parameter to the resetpass feature. This is related to the "Allow cPanel users to reset their password via email" feature.Recommendations
For versions 8.x through 9.1.0 build 34, consider disabling the "Allow cPanel users to reset their password via email" feature until a patch is available. Avoid using the
user parameter in the resetpass feature to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cpanel