CVE-2008-6927
cPanel - Cross-Site Scripting via Fantastico De Luxe Module Parameters
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6927. PoCs published by Khashayar Fereidani.
AI-analyzed exploit summary
The exploit demonstrates a Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerability in cPanel 11.x. The LFI allows an attacker to include arbitrary files by manipulating the 'scriptpath_show' parameter, while the XSS is triggered via multiple vulnerable variables in the 'autoinstall4imagesgalleryupgrade.php' script.
Description
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.