Arbitrary Code Execution via Allow cPanel Users to Reset Password via Email Feature in cPanel 9.1.0 Build 34 and Earlier
CVE-2004-1769 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
Learn more about our User Device Pen Test.