| |
Vulnerability CVE-2006-1119
Published: 2006-03-09 Modified: 2012-02-12
| Description: |
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message. |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www.securityfocus.com/archive/1/426957/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25277
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
