CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1770

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile44.76th
PublishedMar 11, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.

Affected Platforms (CPE)

πŸ“¦
Cpanel

Cpanel

= 5.0
πŸ“¦
Cpanel

Cpanel

= 5.3
πŸ“¦
Cpanel

Cpanel

= 6.0
πŸ“¦
Cpanel

Cpanel

= 6.2
πŸ“¦
Cpanel

Cpanel

= 6.4
πŸ“¦
Cpanel

Cpanel

= 6.4.1
πŸ“¦
Cpanel

Cpanel

= 6.4.2
πŸ“¦
Cpanel

Cpanel

= 6.4.2_stable_48
πŸ“¦
Cpanel

Cpanel

= 7.0
πŸ“¦
Cpanel

Cpanel

= 8.0
πŸ“¦
Cpanel

Cpanel

= 9.0
πŸ“¦
Cpanel

Cpanel

= 9.1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=107911581732035&w=2
πŸ”— http://secunia.com/advisories/11124
πŸ”— http://www.kb.cert.org/vuls/id/831534
πŸ”— http://www.securityfocus.com/bid/9855
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15486
πŸ”— http://marc.info/?l=bugtraq&m=107911581732035&w=2
πŸ”— http://secunia.com/advisories/11124
πŸ”— http://www.kb.cert.org/vuls/id/831534

Related Vulnerabilities

CVE-2004-176910.0

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows rem...

CVE-2015-284410.0

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary com...

CVE-2003-142510.0

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

CVE-2015-284510.0

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary com...