CVE-2008-6926

Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.

Published: Aug 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-6926
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
netenberg / fantastico_de_luxe	-	-

http://www.netenberg.com/forum/index.php?topic=6832
http://www.securityfocus.com/archive/1/497964/100/0/threaded
http://www.securityfocus.com/archive/1/498519
http://www.securityfocus.com/archive/1/498526
http://www.securityfocus.com/archive/1/498529
http://www.securityfocus.com/archive/1/498529/100/0/threaded
http://www.securityfocus.com/bid/32016
https://exchange.xforce.ibmcloud.com/vulnerabilities/46252
https://www.exploit-db.com/exploits/6897

Vulnerability Database

290,206

CVE-2008-6926