PT-2004-2673 · Cpanel · Cpanel

Published

2004-03-11

Updated

2017-07-11

CVE-2004-1769

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions cPanel versions 8.x through 9.1.0 build 34

Description The issue allows remote attackers to execute arbitrary code via the user parameter to the resetpass feature. This is related to the "Allow cPanel users to reset their password via email" feature.

Recommendations For versions 8.x through 9.1.0 build 34, consider disabling the "Allow cPanel users to reset their password via email" feature until a patch is available. Avoid using the user parameter in the resetpass feature to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1769

Affected Products

Cpanel

PT-2004-2673 · Cpanel · Cpanel

CVE-2004-1769

Related Identifiers

Affected Products

References · 9