Vulnerabilities > CVE-2007-1455 - File-Upload vulnerability in Fantastico De Luxe
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | cPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities. CVE-2007-1455. Webapps exploit for php platform |
id | EDB-ID:3459 |
last seen | 2016-01-31 |
modified | 2007-03-11 |
published | 2007-03-11 |
reporter | cyb3rt & 020 |
source | https://www.exploit-db.com/download/3459/ |
title | cPanel <= 10.9.x fantastico Local File Inclusion Vulnerabilities |