Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2004-1769
Last Modified 05 Sep 2008 04:42:18
Published 11 Mar 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1769

Summary

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Vulnerable Systems

Application

  • cPanel 5.0
  • cPanel 5.3
  • cPanel 6.0
  • cPanel 6.2
  • cPanel 6.4
  • cPanel 6.4.1
  • cPanel 6.4.2
  • cPanel 6.4.2 Stable 48
  • cPanel 7.0
  • cPanel 8.0
  • cPanel 9.0
  • cPanel 9.1

References

CERT-VN - VU#831534

XF - cpanel-resetpass-execute-commands(15443)

BID - 9848

BUGTRAQ - 20040311 Cpanel 8.*.* have a problem ?

SECUNIA - 11111

BUGTRAQ - 20040311 cPanel Secuirty Advisory CPANEL-2004:01-01


Last Updated: 27 May 2016 10:39:10