SysCP 1.2.x – Multiple Script Execution Vulnerabilities

SysCP 1.2.x – Multiple Script Execution Vulnerabilities

漏洞ID 1055330 漏洞类型
发布时间 2005-08-08 更新时间 2005-08-08
图片[1]-SysCP 1.2.x – Multiple Script Execution Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-SysCP 1.2.x – Multiple Script Execution Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/26103
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14490/info

SysCP is affected by multiple script execution vulnerabilities.

The following specific vulnerabilities were identified:

The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server.

Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement.

SysCP 1.2.10 and prior versions are prone to these vulnerabilities.

The following string is sufficient to bypass the eval() call:
{${phpinfo();}}

相关推荐: Auerswald COMsuite CTI应用程序弱默认密码漏洞

Auerswald COMsuite CTI应用程序弱默认密码漏洞 漏洞ID 1202212 漏洞类型 配置错误 发布时间 2003-12-31 更新时间 2003-12-31 CVE编号 CVE-2003-1457 CNNVD-ID CNNVD-200312…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享