[] NeoSense
E X P L O I T S
title author type platform port cve id

SysCP 1.2.x - Multiple Script Execution Vulnerabilities

Author: Christopher Kunz
type: webapps
platform: php
port: 
date_added: 2005-08-08 
date_updated: 2013-06-11 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/14490/info

SysCP is affected by multiple script execution vulnerabilities.

The following specific vulnerabilities were identified:

The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute it in the context of an affected server.

Another script code execution vulnerability may allow an attacker to call arbitrary functions and scripts by bypassing a PHP eval() statement.

SysCP 1.2.10 and prior versions are prone to these vulnerabilities.

The following string is sufficient to bypass the eval() call:
{${phpinfo();}}
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.