6.8
CVE-2008-6926
- EPSS 4.02%
- Veröffentlicht 10.08.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:03:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.02% | 0.893 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://www.netenberg.com/forum/index.php?topic=6832
http://www.securityfocus.com/archive/1/497964/100/0/threaded
http://www.securityfocus.com/archive/1/498519
http://www.securityfocus.com/archive/1/498526
http://www.securityfocus.com/archive/1/498529
http://www.securityfocus.com/archive/1/498529/100/0/threaded
http://www.securityfocus.com/bid/32016
https://exchange.xforce.ibmcloud.com/vulnerabilities/46252
https://www.exploit-db.com/exploits/6897