Vulnerabilities > Ispconfig
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-27 | CVE-2023-46818 | Code Injection vulnerability in Ispconfig. An issue was discovered in ISPConfig before 3.2.11p1. | 7.2 |
2021-01-05 | CVE-2021-3021 | SQL Injection vulnerability in Ispconfig. ISPConfig before 3.2.2 allows SQL injection. | 7.5 |
2020-02-25 | CVE-2020-9398 | SQL Injection vulnerability in Ispconfig. ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | 9.3 |
2020-02-07 | CVE-2013-3629 | Unspecified vulnerability in Ispconfig 3.0.5.2. ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution. | 6.5 |
2020-01-23 | CVE-2012-2087 | Incorrect Permission Assignment for Critical Resource vulnerability in Ispconfig 3.0.4.3. ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | 7.5 |
2018-10-04 | CVE-2018-17984 | Incorrect Regular Expression vulnerability in Ispconfig. An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. | 4.6 |
2017-12-07 | CVE-2017-17384 | Improper Privilege Management vulnerability in Ispconfig. ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | 9.0 |
2015-06-15 | CVE-2015-4119 | Cross-Site Request Forgery (CSRF) vulnerability in Ispconfig 3.0.5.4. Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php. | 6.8 |
2015-06-15 | CVE-2015-4118 | SQL Injection vulnerability in Ispconfig 3.0.5.4. SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. | 6.5 |