Vulnerabilities > Ispconfig > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-05 | CVE-2021-3021 | SQL Injection vulnerability in Ispconfig ISPConfig before 3.2.2 allows SQL injection. | 9.8 |
| 2020-02-25 | CVE-2020-9398 | SQL Injection vulnerability in Ispconfig ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. | 9.8 |
| 2020-01-23 | CVE-2012-2087 | Incorrect Permission Assignment for Critical Resource vulnerability in Ispconfig 3.0.4.3 ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | 9.8 |