Vulnerability Description
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cpanel | Cpanel | 5.0 |
References
- http://marc.info/?l=bugtraq&m=107904890724201&w=2
- http://secunia.com/advisories/11111Vendor Advisory
- http://www.kb.cert.org/vuls/id/831534Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0Vendor Advisory
- http://www.securityfocus.com/bid/9848ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15443
- http://marc.info/?l=bugtraq&m=107904890724201&w=2
- http://secunia.com/advisories/11111Vendor Advisory
- http://www.kb.cert.org/vuls/id/831534Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0Vendor Advisory
- http://www.securityfocus.com/bid/9848ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15443
FAQ
What is CVE-2004-1769?
CVE-2004-1769 is a vulnerability with a CVSS score of 10.0 (HIGH). The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to rese...
How severe is CVE-2004-1769?
CVE-2004-1769 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1769?
Check the references section above for vendor advisories and patch information. Affected products include: Cpanel Cpanel.