CVE-2007-0850 in SysCPinfo

Summary

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Reservation

02/08/2007

Disclosure

02/08/2007

Moderation

VulDB entry created

Entries

VDB-34922

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

7.3

EPSS

0.00898

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-0850
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0850
CVE Details	https://www.cvedetails.com/cve/CVE-2007-0850/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!