CVE-2004-1769

cPanel <9.1.0.34 - RCE

Title source: llm

Description

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Arab VieruZ · textremotecgi

https://www.exploit-db.com/exploits/23804

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by sinkaroid · poc

https://github.com/sinkaroid/shiguresh

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Redsplit · poc

https://github.com/Redsplit/shiguresh

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/831534

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107904890724201&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15443

Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9848

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/11111

Scores

EPSS 0.0504

EPSS Percentile 89.8%

Details

Status published

Products (12)

cpanel/cpanel 5.0

cpanel/cpanel 5.3

cpanel/cpanel 6.0

cpanel/cpanel 6.2

cpanel/cpanel 6.4

cpanel/cpanel 6.4.1

cpanel/cpanel 6.4.2

cpanel/cpanel 6.4.2_stable_48

cpanel/cpanel 7.0

cpanel/cpanel 8.0

... and 2 more

Published Mar 11, 2004

Tracked Since Feb 18, 2026