Vulnerabilities (CVE)

Filtered by vendor Syscp Team Subscribe
Filtered by product Syscp
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0850 1 Syscp Team 1 Syscp 2024-02-28 7.5 HIGH N/A
scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
CVE-2007-0849 1 Syscp Team 1 Syscp 2024-02-28 7.2 HIGH N/A
scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.
CVE-2005-2568 1 Syscp Team 1 Syscp 2024-02-28 7.5 HIGH N/A
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.
CVE-2005-2567 1 Syscp Team 1 Syscp 2024-02-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.