CVE-2008-6926

Exploit

EPSS 5.58%
Veröffentlicht 10.08.2009 20:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action.  NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netenberg ≫ Fantastico De Luxe

Cpanel ≫ Cpanel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.58%	0.9

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://www.netenberg.com/forum/index.php?topic=6832

http://www.securityfocus.com/archive/1/497964/100/0/threaded

http://www.securityfocus.com/archive/1/498519

Exploit

http://www.securityfocus.com/archive/1/498526

http://www.securityfocus.com/archive/1/498529

http://www.securityfocus.com/archive/1/498529/100/0/threaded

http://www.securityfocus.com/bid/32016

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/46252

https://www.exploit-db.com/exploits/6897

https://nvd.nist.gov/vuln/detail/CVE-2008-6926