PT-2007-2293 · Syscp · Syscp

Published 2007-02-08 · Updated 2018-10-16 · CVE-2007-0850

CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SysCP versions 1.2.15 and earlier
Description: The issue allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to the panel cronscript table in the SysCP database. This is possible because the scripts/cronscript.php file in SysCP includes and executes arbitrary PHP scripts referenced by this table.
Recommendations: For SysCP versions 1.2.15 and earlier, consider restricting database write privileges to prevent attackers from modifying the panel cronscript table until a fix is available. As a temporary workaround, monitor the panel cronscript table for any suspicious entries and remove them promptly to minimize the risk of exploitation.
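
The monitoring workaround above, sketched as an added example (it is not SysCP code and not part of the advisory): rows exported from the cronscript table are compared against a reviewed baseline and checked for paths that leave the scripts directory. The `(id, filename)` row layout, the directory path and the baseline file names are assumptions chosen for illustration.

```python
import posixpath

# Assumed deployment values (not from the advisory): the directory the cron
# runner includes from, and the file names an administrator has reviewed.
SCRIPTS_DIR = "/var/www/syscp/scripts"
BASELINE = {"cron_example_a.php", "cron_example_b.php"}  # constructed names


def check_entry(filename, baseline=BASELINE, scripts_dir=SCRIPTS_DIR):
    """Return the reasons a table entry looks suspicious (empty list if clean)."""
    reasons = []
    if "://" in filename:
        reasons.append("stream wrapper or URL")
    if "\x00" in filename:
        reasons.append("NUL byte in name")
    # Resolve the name the way a relative include from scripts_dir would;
    # an absolute name replaces the base, "../" segments are collapsed.
    resolved = posixpath.normpath(posixpath.join(scripts_dir, filename))
    if not resolved.startswith(scripts_dir.rstrip("/") + "/"):
        reasons.append("resolves outside scripts directory")
    if filename not in baseline:
        reasons.append("not in reviewed baseline")
    return reasons


def audit(rows, baseline=BASELINE, scripts_dir=SCRIPTS_DIR):
    """Map row id -> list of reasons, for every row that fails a check."""
    findings = {}
    for row_id, filename in rows:
        reasons = check_entry(filename, baseline, scripts_dir)
        if reasons:
            findings[row_id] = reasons
    return findings


# Constructed sample export of the table as (id, filename) pairs.
SAMPLE_ROWS = [
    (1, "cron_example_a.php"),
    (2, "cron_example_b.php"),
    (3, "../../tmp/upload_7f.php"),   # relative traversal
    (4, "/tmp/x.php"),                # absolute path
    (5, "cron_example_c.php"),        # in-directory but never reviewed
]

if __name__ == "__main__":
    for row_id, reasons in audit(SAMPLE_ROWS).items():
        print(f"row {row_id}: {'; '.join(reasons)}")
```

Any flagged row should be treated as a possible code-execution path through scripts/cronscript.php and reviewed before the next cron run.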


Related Identifiers: CVE-2007-0850
Affected Products: Syscp