Although we are really doing our very best to make SysCP a secure product, we are also just human beings and nobody's perfect.

Because we are part of the Open Source community, we are also handling security questions and issues in an Open Source manner. Therefore we will show you all known security flaws on this page immediately after we got knowlegde about them on this site.

If you found any security issues within SysCP, please don't hesitate and contact us at security@syscp.org.

These vulnerabilites have been found in the history of SysCP:

• Ability to inject and execute any code as root in SysCP
  Affecting SysCP 1.2.3 to 1.2.15, instructions how to patch inside
• Code injection into Apache-Configfile (vhosts.conf)
  Affecting all versions up to SysCP 1.2.13
• Advisory 13/2005 written by Christopher Kunz from the hardened-php.net project
  Affecting all versions up to SysCP 1.2.10