Secunia
Login
|
|
CVE Reference: CVE-2007-0850 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0850 |
|
|
Description: scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/32330 SAID Secunia Advisory: SA24102 OSVDB 33127 CONFIRM http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded BID 22454 |
|
| Return to the previous page. |
