CVE-2007-1455

Sažetak

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

Reference

http://osvdb.org/35036
http://osvdb.org/35037
http://securityreason.com/securityalert/2420
http://www.securityfocus.com/archive/1/462562/100/0/threaded

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:38

Objavljeno

14-03-2007 - 18:19