CVE-2005-2568
CVE-2005-2568 describes an eval-injection vulnerability in SysCP's template engine affecting SysCP 1.2.10 and earlier. An attacker can supply a string containing code inside { and } that is processed by PHP eval, enabling remote execution of arbitrary PHP. The NVD CVSS data rates impact as PARTIA...
CVE-2007-0849
SysCP 1.2.15 and earlier is affected by CVE-2007-0849: a local privilege escalation caused by improper quoting of pathnames in user home directories. An attacker can place shell metacharacters in a directory name and then use the control panel to protect that directory to gain privileges. This is...
CVE-2005-2567
CVE-2005-2567 affects SysCP 1.2.10 and earlier. The vulnerability is a PHP remote file inclusion via the language parameter, enabling an attacker to execute arbitrary PHP code on the server. The issue is documented in the CVE entry and corroborated by related advisories; no explicit exploit detai...
CVE-2007-0850
CVE-2007-0850 affects SysCP up to version 1.2.15. The flaw resides in scripts/cronscript.php, which can include and execute arbitrary PHP scripts listed in the panel_cronscript table. An attacker with database write privileges can inject a PHP filename into that table to achieve arbitrary code ex...