CVE-2008-6843

Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.

Published: Jul 2, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-6843
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
netenberg / fantastico_de_luxe	-	-
cpanel / cpanel	11	11.x
cpanel / cpanel	11.4.19	11.4.19.x
cpanel / cpanel	11.8.6-stable	11.8.6-stable.x
cpanel / cpanel	11.8.6_stable	11.8.6_stable.x
cpanel / cpanel	11.16	11.16.x
cpanel / cpanel	11.18	11.18.x
cpanel / cpanel	11.18.1	11.18.1.x
cpanel / cpanel	11.18.2	11.18.2.x
cpanel / cpanel	11.18.3	11.18.3.x
cpanel / cpanel	11.18.4	11.18.4.x
cpanel / cpanel	11.19.3	11.19.3.x
cpanel / cpanel	11.21	11.21.x
cpanel / cpanel	11.21-beta	11.21-beta.x
cpanel / cpanel	11.22	11.22.x
cpanel / cpanel	11.22.1	11.22.1.x
cpanel / cpanel	11.22.2	11.22.2.x
cpanel / cpanel	11.22.3	11.22.3.x
cpanel / cpanel	11.23.1-current	11.23.1-current.x
cpanel / cpanel	11.23.1_current	11.23.1_current.x

Vulnerability Database

290,020

CVE-2008-6843