CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1769

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile10.62th
PublishedMar 11, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Affected Platforms (CPE)

πŸ“¦
Cpanel

Cpanel

= 5.0
πŸ“¦
Cpanel

Cpanel

= 5.3
πŸ“¦
Cpanel

Cpanel

= 6.0
πŸ“¦
Cpanel

Cpanel

= 6.2
πŸ“¦
Cpanel

Cpanel

= 6.4
πŸ“¦
Cpanel

Cpanel

= 6.4.1
πŸ“¦
Cpanel

Cpanel

= 6.4.2
πŸ“¦
Cpanel

Cpanel

= 6.4.2_stable_48
πŸ“¦
Cpanel

Cpanel

= 7.0
πŸ“¦
Cpanel

Cpanel

= 8.0
πŸ“¦
Cpanel

Cpanel

= 9.0
πŸ“¦
Cpanel

Cpanel

= 9.1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=107904890724201&w=2
πŸ”— http://secunia.com/advisories/11111
πŸ”— http://www.kb.cert.org/vuls/id/831534
πŸ”— http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0
πŸ”— http://www.securityfocus.com/bid/9848
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/15443
πŸ”— http://marc.info/?l=bugtraq&m=107904890724201&w=2
πŸ”— http://secunia.com/advisories/11111

Related Vulnerabilities

CVE-2004-177010.0

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metachar...

CVE-2015-284410.0

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary com...

CVE-2003-142510.0

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

CVE-2015-284510.0

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary com...