CVE-2007-1455

Fantastico De Luxe - Authenticated Path Traversal via userlanguage or fantasticopath Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1455. PoCs published by cyb3rt & 020.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in Fantastico (CVE-2007-1455) affecting cPanel 10.x. It allows an attacker to include arbitrary files via the 'userlanguage' or 'fantasticopath' parameters, leading to remote code execution or information disclosure.

Description

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cyb3rt & 020 · textwebappsphp
https://www.exploit-db.com/exploits/3459

This exploit demonstrates a local file inclusion vulnerability in Fantastico (CVE-2007-1455) affecting cPanel 10.x. It allows an attacker to include arbitrary files via the 'userlanguage' or 'fantasticopath' parameters, leading to remote code execution or information disclosure.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Fantastico (cPanel 10.x and earlier)
Auth required
Prerequisites: Valid cPanel credentials · Access to the target server's file system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462562/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35036
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2420
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35037

Scores

EPSS 0.0660
EPSS Percentile 93.0%

Details

Status published
Products (1)
cpanel-host/fantastico_de_luxe
Published Mar 14, 2007
Tracked Since Feb 18, 2026