CVE-2006-1119

medium

Description

fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25277

http://www.securityfocus.com/archive/1/426957/100/0/threaded

Details

Source: Mitre, NVD

Published: 2006-03-09

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N