CVE-2007-6082

Sciurus Hosting Panel - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6082. PoCs published by Liz0ziM.

AI-analyzed exploit summary This exploit targets a code injection vulnerability in Sciurus Hosting Panel, allowing an attacker to inject arbitrary PHP code via the 'savenews.php' endpoint. The injected code is then accessible at 'includes/news.php', enabling remote code execution.

Description

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Liz0ziM · phpwebappsphp

https://www.exploit-db.com/exploits/4635

View Code ZIP pw:eip

This exploit targets a code injection vulnerability in Sciurus Hosting Panel, allowing an attacker to inject arbitrary PHP code via the 'savenews.php' endpoint. The injected code is then accessible at 'includes/news.php', enabling remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sciurus Hosting Panel (version not specified)

No auth needed

Prerequisites: Target URL with vulnerable 'savenews.php' endpoint · Ability to send HTTP POST requests to the target

MITRE ATT&CK