Vulnerabilities > CVE-2007-1455 - File-Upload vulnerability in Fantastico De Luxe

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cpanel-host
critical
exploit available
NVD
Published: 2007-03-14
Updated: 2018-10-16

Summary

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

Vulnerable Configurations

Part Description Count
Application
Cpanel-Host
1

Exploit-Db

descriptioncPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities. CVE-2007-1455. Webapps exploit for php platform
idEDB-ID:3459
last seen2016-01-31
modified2007-03-11
published2007-03-11
reportercyb3rt & 020
sourcehttps://www.exploit-db.com/download/3459/
titlecPanel <= 10.9.x fantastico Local File Inclusion Vulnerabilities

References