Vulnerability Details CVE-2007-1455
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.4%
CVSS Severity
CVSS v2 Score 9.0
References
- http://osvdb.org/35036
- http://osvdb.org/35037
- http://securityreason.com/securityalert/2420
- http://www.securityfocus.com/archive/1/462562/100/0/threaded
- http://osvdb.org/35036
- http://osvdb.org/35037
- http://securityreason.com/securityalert/2420
- http://www.securityfocus.com/archive/1/462562/100/0/threaded
Products affected by CVE-2007-1455
-
cpe:2.3:a:cpanel-host:fantastico_de_luxe:*