Vulnerabilities > CVE-2004-1770 - Remote Command Execution vulnerability in cPanel Login Script

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cpanel
critical
nessus
exploit available

Summary

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.

Exploit-Db

descriptioncPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability. CVE-2004-1770. Webapps exploit for cgi platform
idEDB-ID:23807
last seen2016-02-02
modified2004-03-12
published2004-03-12
reporterArab VieruZ
sourcehttps://www.exploit-db.com/download/23807/
titlecPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability

Nessus

NASL familyCGI abuses
NASL idCPANEL_LOGIN_CMD_EXEC.NASL
descriptionThe version of cPanel installed on the remote host is version 9.1.0 (or earlier) and thus reportedly affected by multiple issues: - The dohtaccess.html script fails to sanitize input supplied by a user and is affected by a cross-site scripting vulnerability. (CVE-2004-2308) - Both the Login Page and resetpass functionality fail to sanitize user input and can be manipulated to execute arbitrary commands (CVE-2004-1769 & CVE-2004-1770). For example, the following URL demonstrates the id command being executed: http://www.example.com:2082/login/?user=|
last seen2020-06-01
modified2020-06-02
plugin id12097
published2004-03-14
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/12097
titlecPanel <= 9.1.0 Multiple Vulnerabilities