RSS   Vulnerabilities for 'Fantastico de luxe'   RSS

2007-03-14
 
CVE-2007-1455

CWE-Other
 

 
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

 


Copyright 2024, cxsecurity.com

 

Back to Top