14 lines
No EOL
643 B
Text
14 lines
No EOL
643 B
Text
source: http://www.securityfocus.com/bid/14490/info
|
|
|
|
SysCP is affected by multiple script execution vulnerabilities.
|
|
|
|
The following specific vulnerabilities were identified:
|
|
|
|
The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server.
|
|
|
|
Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement.
|
|
|
|
SysCP 1.2.10 and prior versions are prone to these vulnerabilities.
|
|
|
|
The following string is sufficient to bypass the eval() call:
|
|
{${phpinfo();}} |