Published: 08/02/2007 Updated: 16/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

scripts/cronscript.php in SysCP 1.2.15 and previous versions does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.

Vulnerable Product	Search on Vulmon	Subscribe to Product
syscp team syscp

source: wwwsecurityfocuscom/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the compromise of the computer NOTE: To exploit this issue, an attacker must have authenticated access to a customer control pan ...

NVD-CWE-Other http://www.securityfocus.com/bid/22453 http://secunia.com/advisories/24102 http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP http://osvdb.org/33128 http://www.securityfocus.com/archive/1/459397/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29571/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0849

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect