Lucene search

[email protected]CVE-2007-1455

HistoryMar 14, 2007 - 6:19 p.m.

CVE-2007-1455

2007-03-1418:19:00

[email protected]

web.nvd.nist.gov

cve

2007

1455

path traversal

fantastico

cpanel

security vulnerability

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.5%

JSON

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

Affected configurations

NVD

Node

cpanel-hostfantastico_de_luxe

CPENameOperatorVersion
cpanel-host:fantastico_de_luxecpanel-host fantastico de luxeeq*

CPE	Name	Operator	Version
cpanel-host:fantastico_de_luxe	cpanel-host fantastico de luxe	eq	*

References

osvdb.org/35036

osvdb.org/35037

securityreason.com/securityalert/2420

www.securityfocus.com/archive/1/462562/100/0/threaded

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2007-1455

cvelist1 nvd1 prion1 securityvulns1