The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and previous versions, including 8.x, allows remote malicious users to execute arbitrary code via the user parameter to resetpass.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cpanel cpanel 6.4 |
||
cpanel cpanel 6.4.1 |
||
cpanel cpanel 5.0 |
||
cpanel cpanel 5.3 |
||
cpanel cpanel 7.0 |
||
cpanel cpanel 8.0 |
||
cpanel cpanel 9.0 |
||
cpanel cpanel 6.4.2 |
||
cpanel cpanel 6.4.2_stable_48 |
||
cpanel cpanel 6.0 |
||
cpanel cpanel 6.2 |
||
cpanel cpanel 9.1 |