CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-0850

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.2%

CVSS Severity

CVSS v2 Score 7.5

References

http://osvdb.org/33127
http://secunia.com/advisories/24102
http://www.securityfocus.com/archive/1/459397/100/0/threaded
http://www.securityfocus.com/bid/22454
http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP
https://exchange.xforce.ibmcloud.com/vulnerabilities/32330
http://osvdb.org/33127
http://secunia.com/advisories/24102
http://www.securityfocus.com/archive/1/459397/100/0/threaded
http://www.securityfocus.com/bid/22454
http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP
https://exchange.xforce.ibmcloud.com/vulnerabilities/32330

Products affected by CVE-2007-0850

Syscp Team » Syscp » Version: 1.2.10

cpe:2.3:a:syscp_team:syscp:1.2.10
Syscp Team » Syscp » Version: 1.2.15

cpe:2.3:a:syscp_team:syscp:1.2.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-0850

Products

Pricing

Contact Us