製品・ソフトウェアに関する情報

JVN脆弱性詳細

cPanel 用の Fantastico De Luxe モジュールにおけるディレクトリトラバーサルの脆弱性

Title	cPanel 用の Fantastico De Luxe モジュールにおけるディレクトリトラバーサルの脆弱性
Summary	cPanel 用の Fantastico De Luxe モジュールの autoinstall4imagesgalleryupgrade.php には、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	第三者により、GoAhead アクションの scriptpath_show パラメータ内のディレクトリトラバーサルシーケンスを介して、任意のローカルファイルをインクルードされる、および実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 10, 2009, midnight
Registration Date	Sept. 25, 2012, 5:27 p.m.
Last Update	Sept. 25, 2012, 5:27 p.m.

Affected System

netenberg

fantastico de luxe

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-6926	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6926
National Vulnerability Database (NVD)
2	CVE-2008-6926	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6926

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
netenberg
1	local file inclusion and cross-site scripting	http://legacy.netenberg.com/forum/index.php?topic=6832

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-6926

Summary	Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
Summary	Una vulnerabilidad de salto de directorio en el archivo autoinstall4imagesgalleryupgrade.php en el Módulo Fantástico De Luxe para cPanel, permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de secuencias de salto de directorio en el parámetro scriptpath_show en una acción GoAhead. NOTA: este problema solo cruza los límites de privilegios cuando las configuraciones de seguridad, como disable_functions y safe_mode, están activas, ya que la explotación requiere la carga de código ejecutable en un directorio de inicio.
Publication Date	Aug. 11, 2009, 5:30 a.m.
Registration Date	Jan. 29, 2021, 1:51 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:netenberg:fantastico_de_luxe::::::::

Related information, measures and tools

No	URL	refsource
1	http://www.netenberg.com/forum/index.php?topic=6832	cve@mitre.org
2	http://www.securityfocus.com/archive/1/497964/100/0/threaded	cve@mitre.org
3	http://www.securityfocus.com/archive/1/498519	cve@mitre.org
4	http://www.securityfocus.com/archive/1/498526	cve@mitre.org
5	http://www.securityfocus.com/archive/1/498529	cve@mitre.org
6	http://www.securityfocus.com/archive/1/498529/100/0/threaded	cve@mitre.org
7	http://www.securityfocus.com/bid/32016	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/46252	cve@mitre.org
9	https://www.exploit-db.com/exploits/6897	cve@mitre.org
10	http://www.netenberg.com/forum/index.php?topic=6832	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/archive/1/497964/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/archive/1/498519	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/498526	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/archive/1/498529	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/archive/1/498529/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/32016	af854a3a-2127-422b-91ae-364da2661108
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/46252	af854a3a-2127-422b-91ae-364da2661108
18	https://www.exploit-db.com/exploits/6897	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html