Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SYSCP'scripts/cronscript.php' 本地文件包含漏洞
Vulnerability Description
SysCP 1.2.15版本及其早期版本的scripts/cronscript.php包含并执行任意任意PHP脚本,且此PHP脚本涉及SysCP数据库中的panel_cronscript数据库,这会允许具有数据库写入特权的远程攻击者通过构建一个PHP文件并向该表格添加文件名,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A