CVE-2007-1455 : Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPa

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

Published 2007-03-14 18:19:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2007-1455

Cpanel-host » Fantastico De Luxe
cpe:2.3:a:cpanel-host:fantastico_de_luxe:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-1455

EPSS FAQ

4.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-1455

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-1455

Jump to

Vulnerability Details : CVE-2007-1455

Products affected by CVE-2007-1455

Exploit prediction scoring system (EPSS) score for CVE-2007-1455

CVSS scores for CVE-2007-1455

References for CVE-2007-1455