PT-2019-6547 · Syscp · Syscp

Nico Golde

Published

2019-11-07

Updated

2019-11-12

CVE-2010-2476

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions syscp version 1.4.2.1

Description The issue allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.

Recommendations For version 1.4.2.1, consider restricting the ability to modify the documentroot of a domain and the open basedir path to prevent adding arbitrary paths. As a temporary workaround, restrict access to the domain settings to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2010-2476

Affected Products

Syscp

PT-2019-6547 · Syscp · Syscp

CVE-2010-2476

Weakness Enumeration

Related Identifiers

Affected Products

References · 4