CVE-2007-1455

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

Published: Mar 14, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1455
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cpanel-host / fantastico_de_luxe	-	-

http://osvdb.org/35036
http://osvdb.org/35037
http://securityreason.com/securityalert/2420
http://www.securityfocus.com/archive/1/462562/100/0/threaded

Vulnerability Database

290,206

CVE-2007-1455