Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-6926
Last Modified: 25 Aug 2009 01:20:52
Published: 10 Aug 2009 04:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-6926

Summary

Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.

Vulnerable Systems

Application

  • Netenberg Fantastico De Luxe


References

XF - cpanel-autoinstall-file-include(46252)

BID - 32016

BUGTRAQ - 20081120 Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani

BUGTRAQ - 20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani

BUGTRAQ - 20081120 Re: Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani

BUGTRAQ - 20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani

CONFIRM - http://www.netenberg.com/forum/index.php?topic=6832

MILW0RM - 6897


Last Updated: 27 May 2016 10:49:24