Vulnerabilities > Ispconfig
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46818 | Code Injection vulnerability in Ispconfig An issue was discovered in ISPConfig before 3.2.11p1. | 7.2 |
| 2021-01-05 | CVE-2021-3021 | SQL Injection vulnerability in Ispconfig ISPConfig before 3.2.2 allows SQL injection. | 9.8 |
| 2020-02-25 | CVE-2020-9398 | SQL Injection vulnerability in Ispconfig ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | 9.8 |
| 2020-02-07 | CVE-2013-3629 | Unspecified vulnerability in Ispconfig 3.0.5.2 ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution | 8.8 |
| 2020-01-23 | CVE-2012-2087 | Incorrect Permission Assignment for Critical Resource vulnerability in Ispconfig 3.0.4.3 ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | 9.8 |
| 2018-10-04 | CVE-2018-17984 | Incorrect Regular Expression vulnerability in Ispconfig An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. | 7.8 |
| 2017-12-07 | CVE-2017-17384 | Improper Privilege Management vulnerability in Ispconfig ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | 8.8 |