Fantastico De Luxe CVE-2007-1455 File-Upload Vulnerability

Fantastico De Luxe CVE-2007-1455 File-Upload Vulnerability

Fantastico De Luxe is prone to a file-upload vulnerability. Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.