Description
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by cyb3rt & 020 · text · webapps · php
https://www.exploit-db.com/exploits/3459
References (4)
x_refsource_bugtraq (mailing-list; Third Party Advisory, VDB Entry): http://www.securityfocus.com/archive/1/462562/100/0/threaded
x_refsource_osvdb (vdb-entry; Third Party Advisory, VDB Entry): http://osvdb.org/35036
x_refsource_sreason (third-party-advisory; Third Party Advisory): http://securityreason.com/securityalert/2420
x_refsource_osvdb (vdb-entry; Third Party Advisory, VDB Entry): http://osvdb.org/35037
Scores
EPSS: 0.0311
EPSS Percentile: 86.9%
Details
Status: published
Products (1): cpanel-host/fantastico_de_luxe
Published: Mar 14, 2007
Tracked Since: Feb 18, 2026