Arbitrary Code Execution via Allow cPanel Users to Reset Password via Email Feature in cPanel 9.1.0 Build 34 and Earlier

Arbitrary Code Execution via Allow cPanel Users to Reset Password via Email Feature in cPanel 9.1.0 Build 34 and Earlier

CVE-2004-1769 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Learn more about our User Device Pen Test.