CVE-2007-6082

2007-11-2200:00:00

mitre

www.cve.org

7.3 High

AI Score

Confidence

Low

0.127 Low

EPSS

Percentile

95.5%

JSON

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.

References

securityreason.com/securityalert/3388

www.r57.li/exploit.txt

www.securityfocus.com/archive/1/483867/100/0/threaded

www.securityfocus.com/bid/26481

exchange.xforce.ibmcloud.com/vulnerabilities/38543

www.exploit-db.com/exploits/4635