SysCP 1.2.x - Multiple Script Execution Vulnerabilities

Vulnerability ID 1055330 Vulnerability type
Published 2005-08-08 Updated 2005-08-08
CVE ID N/A CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/26103
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)
source: http://www.securityfocus.com/bid/14490/info

SysCP is affected by multiple script execution vulnerabilities.

The following specific vulnerabilities were identified:

The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server.

Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement.

SysCP 1.2.10 and prior versions are prone to these vulnerabilities.

The following string is sufficient to bypass the eval() call:
{${phpinfo();}}
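
Why a string of that form is executed, and how to remove the code path, shown as an added example (not SysCP code and not part of the original advisory). It assumes the flaw has the common shape where request data ends up inside a double-quoted string passed to eval(); the function names and the template are hypothetical.

```php
<?php
// Added illustration; not SysCP code. All names here are hypothetical.

// Unsafe pattern (assumed shape of the flaw): request data is spliced into a
// double-quoted string that eval() then parses. addslashes() prevents a quote
// breakout, but PHP still expands "{${ expr }}" inside the string, so the
// expression carried in $value is executed. Shown for comparison, never called.
function render_unsafe(string $value): string
{
    $out = '';
    eval('$out = "Hello ' . addslashes($value) . '";');
    return $out;
}

// Hardened form: no eval(). strtr() replaces fixed placeholders and never
// re-scans substituted text, so values stay data; they are also HTML-encoded.
function render_safe(string $template, array $vars): string
{
    $map = [];
    foreach ($vars as $name => $value) {
        $map['{' . $name . '}'] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return strtr($template, $map);
}

// Defence in depth and log triage: flag input that carries PHP string
// interpolation openers ("${" or "{$").
function has_interpolation_syntax(string $value): bool
{
    return preg_match('/\$\{|\{\$/', $value) === 1;
}

$input = '{${phpinfo();}}';   // the string quoted in the advisory
var_dump(has_interpolation_syntax($input));
echo render_safe('Hello {name}', ['name' => $input]), PHP_EOL;
```

With render_safe() the advisory's string is emitted as literal text; the pattern check is a secondary control for input filtering or log review, not a substitute for removing eval().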