[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-6926

Date: (C)2009-08-10   (M)2017-10-04
 
CVSS Score: 6.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.

Reference:
http://www.securityfocus.com/archive/1/archive/1/497964/100/0/threaded
http://www.securityfocus.com/archive/1/498526
http://www.securityfocus.com/archive/1/498529
http://www.securityfocus.com/archive/1/archive/1/498529/100/0/threaded
BID-32016
EXPLOIT-DB-6897
cpanel-autoinstall-file-include(46252)
http://www.netenberg.com/forum/index.php?topic=6832

CWE    1
CWE-22

© 2013 SecPod Technologies