PT-2007-2292 · Syscp · Syscp

Published: 2007-02-08 · Updated: 2018-10-16 · CVE-2007-0849

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SysCP versions 1.2.15 and earlier
Description: The issue arises from improper quoting of pathnames in user home directories by the cronscript.php script. This allows local users to elevate privileges by inserting shell metacharacters into a directory name and then using the control panel to protect that directory.
Recommendations: For SysCP versions 1.2.15 and earlier, consider restricting access to the cronscript.php script until a proper fix is applied, and avoid using the control panel to protect directories with potentially malicious names.

Related Identifiers

CVE-2007-0849

Affected Products

Syscp