Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote malicious users to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sciurus sciurus hosting panel 2.0.3 |