CVE-2007-0850

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:syscp_team:syscp:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:syscp_team:syscp:1.2.15:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-02-08 18:28

Updated : 2024-02-28 11:01


NVD link : CVE-2007-0850

Mitre link : CVE-2007-0850

CVE.ORG link : CVE-2007-0850


JSON object : View

Products Affected

syscp_team

  • syscp