There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is that it can result in bugs that help bad actors.
As demonstrated in this article, an attacker can use cPanel’s “forgot your password?” feature to reset a user password and obtain further access to an already compromised website.
Malicious File Used to Access Hosting Environment
One of our analysts discovered a malicious file on a compromised website’s hosting environment.
Source: Scuri check