ID CVE-2004-1769
Summary The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
References
Vulnerable Configurations
  • cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 9848
bugtraq
  • 20040311 Cpanel 8.*.* have a problem ?
  • 20040311 cPanel Secuirty Advisory CPANEL-2004:01-01
cert-vn VU#831534
secunia 11111
xf cpanel-resetpass-execute-commands(15443)
Last major update 11-07-2017 - 01:31
Published 11-03-2004 - 05:00
Last modified 11-07-2017 - 01:31
Back to Top