CVE-2008-6843

Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/498814/100/0/threaded
http://www.securityfocus.com/bid/32578	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46991
http://www.securityfocus.com/archive/1/498814/100/0/threaded
http://www.securityfocus.com/bid/32578	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46991

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:cpanel:cpanel:11:::::::*
	cpe:2.3:a:cpanel:cpanel:11.4.19:::::::*
	cpe:2.3:a:cpanel:cpanel:11.8.6:stable::::::
	cpe:2.3:a:cpanel:cpanel:11.8.6_stable:::::::*
	cpe:2.3:a:cpanel:cpanel:11.16:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.1:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.2:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.3:::::::*
	cpe:2.3:a:cpanel:cpanel:11.18.4:::::::*
	cpe:2.3:a:cpanel:cpanel:11.19.3:::::::*
	cpe:2.3:a:cpanel:cpanel:11.21:::::::*
	cpe:2.3:a:cpanel:cpanel:11.21:beta::::::
	cpe:2.3:a:cpanel:cpanel:11.22:::::::*
	cpe:2.3:a:cpanel:cpanel:11.22.1:::::::*
	cpe:2.3:a:cpanel:cpanel:11.22.2:::::::*
	cpe:2.3:a:cpanel:cpanel:11.22.3:::::::*
	cpe:2.3:a:cpanel:cpanel:11.23.1:current::::::
	cpe:2.3:a:cpanel:cpanel:11.23.1_current:::::::*

History

21 Nov 2024, 00:57

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/archive/1/498814/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/498814/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/32578 - Exploit~~	() http://www.securityfocus.com/bid/32578 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/46991 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/46991 -

Information

Published : 2009-07-02 10:30

Updated : 2024-11-21 00:57

NVD link : CVE-2008-6843

Mitre link : CVE-2008-6843

CVE.ORG link : CVE-2008-6843

JSON object : View

Products Affected

netenberg

fantastico_de_luxe

cpanel

cpanel

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.0 /10