fkie_cve-2008-6843
Vulnerability from fkie_nvd
Published: 2009-07-02 10:30
Modified: 2024-11-21 00:57
Severity ?
Summary
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
Impacted products
Vendor Product Version
netenberg fantastico_de_luxe *
cpanel cpanel 11
cpanel cpanel 11.4.19
cpanel cpanel 11.8.6
cpanel cpanel 11.8.6_stable
cpanel cpanel 11.16
cpanel cpanel 11.18
cpanel cpanel 11.18.1
cpanel cpanel 11.18.2
cpanel cpanel 11.18.3
cpanel cpanel 11.18.4
cpanel cpanel 11.19.3
cpanel cpanel 11.21
cpanel cpanel 11.21
cpanel cpanel 11.22
cpanel cpanel 11.22.1
cpanel cpanel 11.22.2
cpanel cpanel 11.22.3
cpanel cpanel 11.23.1
cpanel cpanel 11.23.1_current



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFCB83D-77D1-4782-8741-C6AD089DE488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC97216-E9A0-467B-86D7-8F4DB146220C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.8.6:stable:*:*:*:*:*:*",
              "matchCriteriaId": "3CB69DCF-617E-4E3F-8494-9C74626DF262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.8.6_stable:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E24B1A-A25F-4ADB-906B-A346F782E821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3919CF-D66F-4713-8E34-F4C9E9EDFB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "064D2D20-2410-4BF5-BEAB-B0FEA6858814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04480CFC-EA47-4723-B23D-0C415598D254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "80CEE914-DB4B-4777-B8BD-A8EAE6526E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:beta:*:*:*:*:*:*",
              "matchCriteriaId": "5BB81672-314F-49D4-AD9E-CA8D1A14CD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "051B4B2E-BF9B-4EA8-973B-6D96A1618F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3915A3-45AA-4B53-9990-2FED41439D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.23.1:current:*:*:*:*:*:*",
              "matchCriteriaId": "45F18137-728C-421A-BF9D-15CB576F67CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:11.23.1_current:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C35162-E9F6-4B8F-925E-19E5779095D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x,  permite a los atacantes remotos leer arbitrariamente archivos a trav\u00e9s de ..(punto punto) en el par\u00e1metro sup3r."
    }
  ],
  "id": "CVE-2008-6843",
  "lastModified": "2024-11-21T00:57:36.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-02T10:30:00.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32578"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

