CVE-2004-1769

cPanel <= 9.1.0 build 34 - Remote Code Execution via Reset Password User Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1769. PoCs published by Arab VieruZ, sinkaroid, Redsplit.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in cPanel's password reset script due to insufficient input sanitization. An attacker can execute arbitrary commands by injecting shell metacharacters into the 'user' parameter of the URI.

Description

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Arab VieruZ · textremotecgi
https://www.exploit-db.com/exploits/23804

This exploit demonstrates a command injection vulnerability in cPanel's password reset script due to insufficient input sanitization. An attacker can execute arbitrary commands by injecting shell metacharacters into the 'user' parameter of the URI.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: cPanel (version not specified)
No auth needed
Prerequisites: Access to the cPanel reset password endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by sinkaroid · poc
https://github.com/sinkaroid/shiguresh

This repository contains a functional exploit for CVE-2004-1769, targeting cPanel's password reset feature. The bash script automates the process of sending crafted requests to reset passwords via email, while the PHP script facilitates the exploitation by writing to cPanel contact files.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: cPanel 9.1.0 build 34 and earlier, including 8.x
No auth needed
Prerequisites: List of target URLs · Email setup for sending logs
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by Redsplit · poc
https://github.com/Redsplit/shiguresh

This repository contains a functional exploit for CVE-2004-1769, targeting cPanel's password reset feature. The exploit uses a bash script to automate the process of resetting cPanel user passwords via a crafted request, leveraging the vulnerability in the 'user' parameter.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: cPanel 9.1.0 build 34 and earlier, including 8.x
No auth needed
Prerequisites: List of target URLs · Email address for password reset
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/831534
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107904890724201&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15443
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9848
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11111

Scores

EPSS 0.3026
EPSS Percentile 98.0%

Details

Status published
Products (12)
cpanel/cpanel 5.0
cpanel/cpanel 5.3
cpanel/cpanel 6.0
cpanel/cpanel 6.2
cpanel/cpanel 6.4
cpanel/cpanel 6.4.1
cpanel/cpanel 6.4.2
cpanel/cpanel 6.4.2_stable_48
cpanel/cpanel 7.0
cpanel/cpanel 8.0
... and 2 more
Published Mar 11, 2004
Tracked Since Feb 18, 2026