First published: Thu Mar 11 2004
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
cPanel | =5.0 | |
cPanel | =5.3 | |
cPanel | =6.0 | |
cPanel | =6.2 | |
cPanel | =6.4 | |
cPanel | =6.4.1 | |
cPanel | =6.4.2 | |
cPanel | =6.4.2_stable_48 | |
cPanel | =7.0 | |
cPanel | =8.0 | |
cPanel | =9.0 | |
cPanel | =9.1 | |
CVE-2004-1769 is considered a high severity vulnerability due to its potential for remote code execution.
To fix CVE-2004-1769, update your cPanel installation to a version later than 9.1.0 build 34.
CVE-2004-1769 affects cPanel versions 9.1.0 build 34 and earlier, along with versions from 8.x and earlier.
CVE-2004-1769 is classified as a remote code execution vulnerability that allows attackers to exploit the password reset feature.
Yes, CVE-2004-1769 can be exploited remotely by attackers through the password reset functionality.