scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-02-08 18:28
Updated : 2024-02-28 11:01
NVD link : CVE-2007-0850
Mitre link : CVE-2007-0850
CVE.ORG link : CVE-2007-0850
JSON object : View
Products Affected
syscp_team
- syscp
CWE