• info
• discussion
• exploit
• solution
• references

SysCP Multiple Script Execution Vulnerabilities

An exploit is not required.

The following string is sufficient to bypass the eval() call:
{${phpinfo();}}