CVE-2007-1455
Fantastico De Luxe - Authenticated Path Traversal via userlanguage or fantasticopath Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1455. PoCs published by cyb3rt & 020.
AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in Fantastico (CVE-2007-1455) affecting cPanel 10.x. It allows an attacker to include arbitrary files via the 'userlanguage' or 'fantasticopath' parameters, leading to remote code execution or information disclosure.
Description
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
Exploits (1)
This exploit demonstrates a local file inclusion vulnerability in Fantastico (CVE-2007-1455) affecting cPanel 10.x. It allows an attacker to include arbitrary files via the 'userlanguage' or 'fantasticopath' parameters, leading to remote code execution or information disclosure.