CVE-2007-0850 - OpenCVE

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Syscp Team	Syscp

Configuration 1 [-]

OR	cpe:2.3:a:syscp_team:syscp:1.2.10:::::::*
	cpe:2.3:a:syscp_team:syscp:1.2.15:::::::*

References

Link	Resource
http://osvdb.org/33127
http://secunia.com/advisories/24102
http://www.securityfocus.com/archive/1/459397/100/0/threaded
http://www.securityfocus.com/bid/22454	Exploit Vendor Advisory
http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP
https://exchange.xforce.ibmcloud.com/vulnerabilities/32330

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-08T18:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-02-08T00:00:00

Link: CVE-2007-0850

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-08T18:28:00.000

Modified: 2018-10-16T16:34:54.937

Link: CVE-2007-0850

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-07T00:00:00", "descriptions": [{"lang": "en", "value": "scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33127", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33127"}, {"name": "22454", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22454"}, {"name": "20070207 Ability to inject and execute any code as root in SysCP", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459397/100/0/threaded"}, {"name": "syscp-cronscript-code-execution(32330)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32330"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP"}, {"name": "24102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24102"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33127", "refsource": "OSVDB", "url": "http://osvdb.org/33127"}, {"name": "22454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22454"}, {"name": "20070207 Ability to inject and execute any code as root in SysCP", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459397/100/0/threaded"}, {"name": "syscp-cronscript-code-execution(32330)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32330"}, {"name": "http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP", "refsource": "CONFIRM", "url": "http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP"}, {"name": "24102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24102"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0850", "datePublished": "2007-02-08T18:00:00", "dateReserved": "2007-02-08T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:syscp_team:syscp:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "3034B734-7033-4D45-8CE2-CADEDD45C498", "vulnerable": true}, {"criteria": "cpe:2.3:a:syscp_team:syscp:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "1A297557-9099-40C8-83C4-99093C05C7BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table."}, {"lang": "es", "value": "scripts/cronscript.php en SysCP 1.2.15 y anteriores incluye y ejecuta secuencias de comandos PHP de su elecci\u00f3n a que son referenciados por la tabla panel_cronscript en la base de datos SysCP, lo cual permite a los atacantes con una base de datos escribir privilegios para ejecutar c\u00f3digo de su elecci\u00f3n construyendo un archivo PHP y agregando su nombre de fichero a esta tabla.\r\n"}], "id": "CVE-2007-0850", "lastModified": "2018-10-16T16:34:54.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-08T18:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33127"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24102"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459397/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/22454"}, {"source": "cve@mitre.org", "url": "http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32330"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}