PT-2007-2292 · Syscp · Syscp

Published: 2007-02-08 · Updated: 2018-10-16 · CVE-2007-0849

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SysCP versions 1.2.15 and earlier
Description: The issue arises from improper quoting of pathnames in user home directories by the cronscript.php script. This allows local users to elevate privileges by inserting shell metacharacters into a directory name and then using the control panel to protect that directory.
Recommendations: For SysCP versions 1.2.15 and earlier, consider restricting access to the cronscript.php script until a proper fix is applied, and avoid using the control panel to protect directories with potentially malicious names.


Related identifiers

CVE-2007-0849

Affected products

Syscp