CVE-2007-0850

Properties

Published: 07.02.2007
Updated: 27.02.2008
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product: SysCP Team: SysCP

Vulnerability description

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded
BID: http://www.securityfocus.com/bid/22454
SECUNIA: http://secunia.com/advisories/24102
XF: http://xforce.iss.net/xforce/xfdb/32330