CVE-2004-1769

Published: 11/03/2004 Updated: 11/07/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and previous versions, including 8.x, allows remote malicious users to execute arbitrary code via the user parameter to resetpass.

Vulnerable Product

cpanel cpanel 6.4

cpanel cpanel 6.4.1

cpanel cpanel 5.0

cpanel cpanel 5.3

cpanel cpanel 7.0

cpanel cpanel 8.0

cpanel cpanel 9.0

cpanel cpanel 6.4.2

cpanel cpanel 6.4.2_stable_48

cpanel cpanel 6.0

cpanel cpanel 6.2

cpanel cpanel 9.1

Exploits

source: www.securityfocus.com/bid/9848/info

A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords. An attacker may exploit this problem by crafting a malicious URI re ...

Github Repositories

CVE-2004-1769 cPanel Resetpass Remote Command Execution

Shiguresh Mass cPanel resetter list your payload, then with this bash allow to execute from different request. Vulnerability Details: CVE-2004-1769 www.cvedetails.com/cve/CVE-2004-1769/ The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via