Syscp Team: Security Vulnerabilities, CVEs
scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
Max CVSS: 7.5; EPSS Score: 1.06%; Published: 2007-02-08; Updated: 2018-10-16
scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2007-02-08; Updated: 2018-10-16
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.
Max CVSS: 7.5; EPSS Score: 0.89%; Published: 2005-08-16; Updated: 2016-10-18
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
Max CVSS: 7.5; EPSS Score: 1.22%; Published: 2005-08-16; Updated: 2016-10-18
4 vulnerabilities found