Vulnerabilities > Ispconfig

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-10-27 | CVE-2023-46818 | Code Injection vulnerability in ISPConfig | An issue was discovered in ISPConfig before 3.2.11p1. | network, low complexity, ispconfig, CWE-94, 7.2 |
| 2021-01-05 | CVE-2021-3021 | SQL Injection vulnerability in ISPConfig | ISPConfig before 3.2.2 allows SQL injection. | network, low complexity, ispconfig, CWE-89, 7.5 |
| 2020-02-25 | CVE-2020-9398 | SQL Injection vulnerability in ISPConfig | ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | network, ispconfig, CWE-89, critical, 9.3 |
| 2020-02-07 | CVE-2013-3629 | Unspecified vulnerability in ISPConfig 3.0.5.2 | ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution. | network, low complexity, ispconfig, 6.5 |
| 2020-01-23 | CVE-2012-2087 | Incorrect Permission Assignment for Critical Resource vulnerability in ISPConfig 3.0.4.3 | ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | network, low complexity, ispconfig, CWE-732, 7.5 |
| 2018-10-04 | CVE-2018-17984 | Incorrect Regular Expression vulnerability in ISPConfig | An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. | local, low complexity, ispconfig, CWE-185, 4.6 |
| 2017-12-07 | CVE-2017-17384 | Improper Privilege Management vulnerability in ISPConfig | ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | network, low complexity, ispconfig, CWE-269, critical, 9.0 |
| 2015-06-15 | CVE-2015-4119 | Cross-Site Request Forgery (CSRF) vulnerability in ISPConfig 3.0.5.4 | Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php. | network, ispconfig, CWE-352, 6.8 |
| 2015-06-15 | CVE-2015-4118 | SQL Injection vulnerability in ISPConfig 3.0.5.4 | SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. | network, low complexity, ispconfig, CWE-89, 6.5 |