SYSCP System Control Panel Panel_CronScript Table Local File Include Vulnerability
BID:22454
Info
| Bugtraq ID: | 22454 |
| Class: | Design Error |
| CVE: | CVE-2007-0850 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Martin Burchert is credited with the discovery of this issue. |
| Vulnerable: | SysCP SysCP 1.2.15, SysCP SysCP 1.2.14, SysCP SysCP 1.2.13, SysCP SysCP 1.2.12, SysCP SysCP 1.2.11, SysCP SysCP 1.2.10, SysCP SysCP 1.2.9, SysCP SysCP 1.2.8, SysCP SysCP 1.2.7, SysCP SysCP 1.2.6, SysCP SysCP 1.2.5, SysCP SysCP 1.2.4, SysCP SysCP 1.2.3 |
| Not Vulnerable: | SysCP SysCP 1.2.16 |
Discussion
SysCP is prone to a local file-include vulnerability.
An attacker can exploit this issue to execute local script code with superuser privileges.
NOTE: To exploit this issue, an attacker would require authenticated access to 'syscp_database'.
Exploit / POC
To exploit this issue, an attacker must have authenticated access to 'syscp-database'.
Solution / Fix
Solution:
The vendor has released version 1.2.16 to address this issue. Please see the references for more information.
All affected versions (SysCP SysCP 1.2.3 through 1.2.15) are fixed by the same release:
- SysCP syscp-1.2.16.tar.gz
  http://files.syscp.org/releases/tgz/syscp-1.2.16.tar.gz
References
References:
- Home Page (SysCP)
- Ability to inject and execute any code as root in SysCP (Florian Lippert)