← Back

CVE-2008-4181

nvd nist
Published: Sep 23, 2008Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected (133)

Netenberg
1 product
Fantastico De Luxe
Configuration A
133 vulnerable
Vulnerable SoftwareAffected Versions
Netenberg
Fantastico De Luxe
Up to 2.8.8
Fantastico De Luxe
Up to 2.8.2
Fantastico De Luxe
Up to 2.10.0
Fantastico De Luxe
Up to 2.10.4
Fantastico De Luxe
Up to 2.10.2
Fantastico De Luxe
Up to 2.10.0
Fantastico De Luxe
Version 2.10.0 r10
Fantastico De Luxe
Version 2.10.0 r11
Fantastico De Luxe
Version 2.10.0 r12
Fantastico De Luxe
Version 2.10.0 r13
Fantastico De Luxe
Version 2.10.0 r14
Fantastico De Luxe
Version 2.10.0 r15
Fantastico De Luxe
Version 2.10.0 r16
Fantastico De Luxe
Version 2.10.0 r1
Fantastico De Luxe
Version 2.10.0 r2
Fantastico De Luxe
Version 2.10.0 r3
Fantastico De Luxe
Version 2.10.0 r4
Fantastico De Luxe
Version 2.10.0 r5
Fantastico De Luxe
Version 2.10.0 r6
Fantastico De Luxe
Version 2.10.0 r7
Fantastico De Luxe
Version 2.10.0 r9
Fantastico De Luxe
Version 2.10.2 r10
Fantastico De Luxe
Version 2.10.2 r11
Fantastico De Luxe
Version 2.10.2 r12
Fantastico De Luxe
Version 2.10.2 r13
Fantastico De Luxe
Version 2.10.2 r14
Fantastico De Luxe
Version 2.10.2 r15
Fantastico De Luxe
Version 2.10.2 r16
Fantastico De Luxe
Version 2.10.2 r17
Fantastico De Luxe
Version 2.10.2 r18
Fantastico De Luxe
Version 2.10.2 r19
Fantastico De Luxe
Version 2.10.2 r1
Fantastico De Luxe
Version 2.10.2 r20
Fantastico De Luxe
Version 2.10.2 r21
Fantastico De Luxe
Version 2.10.2 r22
Fantastico De Luxe
Version 2.10.2 r23
Fantastico De Luxe
Version 2.10.2 r24
Fantastico De Luxe
Version 2.10.2 r25
Fantastico De Luxe
Version 2.10.2 r26
Fantastico De Luxe
Version 2.10.2 r27
Fantastico De Luxe
Version 2.10.2 r28
Fantastico De Luxe
Version 2.10.2 r29
Fantastico De Luxe
Version 2.10.2 r2
Fantastico De Luxe
Version 2.10.2 r30
Fantastico De Luxe
Version 2.10.2 r31
Fantastico De Luxe
Version 2.10.2 r32
Fantastico De Luxe
Version 2.10.2 r33
Fantastico De Luxe
Version 2.10.2 r34
Fantastico De Luxe
Version 2.10.2 r35
Fantastico De Luxe
Version 2.10.2 r36
Fantastico De Luxe
Version 2.10.2 r37
Fantastico De Luxe
Version 2.10.2 r38
Fantastico De Luxe
Version 2.10.2 r39
Fantastico De Luxe
Version 2.10.2 r3
Fantastico De Luxe
Version 2.10.2 r40
Fantastico De Luxe
Version 2.10.2 r41
Fantastico De Luxe
Version 2.10.2 r42
Fantastico De Luxe
Version 2.10.2 r43
Fantastico De Luxe
Version 2.10.2 r44
Fantastico De Luxe
Version 2.10.2 r45
Fantastico De Luxe
Version 2.10.2 r4
Fantastico De Luxe
Version 2.10.2 r5
Fantastico De Luxe
Version 2.10.2 r6
Fantastico De Luxe
Version 2.10.2 r7
Fantastico De Luxe
Version 2.10.2 r8
Fantastico De Luxe
Version 2.10.2 r9
Fantastico De Luxe
Version 2.10.4 r10
Fantastico De Luxe
Version 2.10.4 r11
Fantastico De Luxe
Version 2.10.4 r12
Fantastico De Luxe
Version 2.10.4 r13
Fantastico De Luxe
Version 2.10.4 r14
Fantastico De Luxe
Version 2.10.4 r15
Fantastico De Luxe
Version 2.10.4 r16
Fantastico De Luxe
Version 2.10.4 r17
Fantastico De Luxe
Version 2.10.4 r1
Fantastico De Luxe
Version 2.10.4 r2
Fantastico De Luxe
Version 2.10.4 r3
Fantastico De Luxe
Version 2.10.4 r4
Fantastico De Luxe
Version 2.10.4 r5
Fantastico De Luxe
Version 2.10.4 r6
Fantastico De Luxe
Version 2.10.4 r7
Fantastico De Luxe
Version 2.10.4 r8
Fantastico De Luxe
Version 2.10.4 r9
Fantastico De Luxe
Version 2.8.2 r10
Fantastico De Luxe
Version 2.8.2 r11
Fantastico De Luxe
Version 2.8.2 r1
Fantastico De Luxe
Version 2.8.2 r2
Fantastico De Luxe
Version 2.8.2 r3
Fantastico De Luxe
Version 2.8.2 r4
Fantastico De Luxe
Version 2.8.2 r5
Fantastico De Luxe
Version 2.8.2 r6
Fantastico De Luxe
Version 2.8.2 r7
Fantastico De Luxe
Version 2.8.2 r8
Fantastico De Luxe
Version 2.8.2 r9
Fantastico De Luxe
Version 2.8.4 r1
Fantastico De Luxe
Version 2.8.4 r2
Fantastico De Luxe
Version 2.8.4 r3
Fantastico De Luxe
Version 2.8.4 r4
Fantastico De Luxe
Version 2.8.4 r5
Fantastico De Luxe
Version 2.8.4 r6
Fantastico De Luxe
Version 2.8.4 r7
Fantastico De Luxe
Version 2.8.6 r1
Fantastico De Luxe
Version 2.8.6 r2
Fantastico De Luxe
Version 2.8.6 r3
Fantastico De Luxe
Version 2.8.8 r10
Fantastico De Luxe
Version 2.8.8 r1
Fantastico De Luxe
Version 2.8.8 r2
Fantastico De Luxe
Version 2.8.8 r3
Fantastico De Luxe
Version 2.8.8 r4
Fantastico De Luxe
Version 2.8.8 r5
Fantastico De Luxe
Version 2.8.8 r6
Fantastico De Luxe
Version 2.8.8 r7
Fantastico De Luxe
Version 2.8.8 r8
Fantastico De Luxe
Version 2.8.8 r9
Fantastico De Luxe
Version 2.8.r10
Fantastico De Luxe
Version 2.8.r11
Fantastico De Luxe
Version 2.8.r12
Fantastico De Luxe
Version 2.8.r13
Fantastico De Luxe
Version 2.8.r14
Fantastico De Luxe
Version 2.8.r15
Fantastico De Luxe
Version 2.8.r16
Fantastico De Luxe
Version 2.8.r17
Fantastico De Luxe
Version 2.8.r18
Fantastico De Luxe
Version 2.8.r19
Fantastico De Luxe
Version 2.8.r1
Fantastico De Luxe
Version 2.8.r2
Fantastico De Luxe
Version 2.8.r3
Fantastico De Luxe
Version 2.8.r4
Fantastico De Luxe
Version 2.8.r5
Fantastico De Luxe
Version 2.8.r6
Fantastico De Luxe
Version 2.8.r7
Fantastico De Luxe
Version 2.8.r8
Fantastico De Luxe
Version 2.8.r9

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (12)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.