CyberSec.Space Logo
返回 CVE 浏览器

CVE-2004-1769

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile10.62th
Published2004年3月11日
Last Modified2026年4月16日

Vulnerability Description

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Affected Platforms (CPE)

📦
Cpanel

Cpanel

= 5.0
📦
Cpanel

Cpanel

= 5.3
📦
Cpanel

Cpanel

= 6.0
📦
Cpanel

Cpanel

= 6.2
📦
Cpanel

Cpanel

= 6.4
📦
Cpanel

Cpanel

= 6.4.1
📦
Cpanel

Cpanel

= 6.4.2
📦
Cpanel

Cpanel

= 6.4.2_stable_48
📦
Cpanel

Cpanel

= 7.0
📦
Cpanel

Cpanel

= 8.0
📦
Cpanel

Cpanel

= 9.0
📦
Cpanel

Cpanel

= 9.1

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=107904890724201&w=2
🔗 http://secunia.com/advisories/11111
🔗 http://www.kb.cert.org/vuls/id/831534
🔗 http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0
🔗 http://www.securityfocus.com/bid/9848
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15443
🔗 http://marc.info/?l=bugtraq&m=107904890724201&w=2
🔗 http://secunia.com/advisories/11111

相关漏洞威胁

CVE-2004-177010.0

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metachar...

CVE-2015-284410.0

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary com...

CVE-2003-142510.0

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

CVE-2015-284510.0

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary com...