Lucene search

[email protected]CVE-2007-0849

HistoryFeb 08, 2007 - 6:28 p.m.

CVE-2007-0849

2007-02-0818:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0849

syscp

cronscript.php

local privilege escalation

security vulnerability

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.

CPENameOperatorVersion
syscp_team:syscpsyscp team syscple1.2.15

CPE	Name	Operator	Version
syscp_team:syscp	syscp team syscp	le	1.2.15

References

osvdb.org/33128

secunia.com/advisories/24102

www.securityfocus.com/archive/1/459397/100/0/threaded

www.securityfocus.com/bid/22453

www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2007-0849

prion1 cve1 nessus1 securityvulns1