141 matches found
CVE-2021-3021
CVE-2021-3021 affects ISPConfig before 3.2.2. The root cause is a lack of validation of externally-entered SQL statements in database-based applications, enabling SQL injection. Documented impact includes the ability to execute arbitrary SQL commands via the vulnerable web management software; ex...
ISPConfig SQL注入漏洞
ISPConfig is an open source web hosting management program for Linux with a Web control panel , you can use the Web control panel to manage web hosting , open a website , open a mailbox , open and manage mysql databases , support for DNS resolution and monitor the server's operating conditions an...
ISPConfig SQL Injection Vulnerability
ISPConfig is an open source web hosting management program for Linux with a Web control panel , you can use the Web control panel to manage web hosting , open a website , open a mailbox , open and manage mysql databases , support for DNS resolution and monitor the server's operating conditions an...
CVE-2020-9398
ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...
CVE-2020-9398
ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...
Sql injection
ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...
CVE-2020-9398
ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...
CVE-2020-9398
ISPConfig vulnerability CVE-2020-9398 affects ISPConfig before 3.1.15p3. When the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, it enables an SQL Injection in the web control panel. This is the underlying root cause: enabling a hidden option in the reverse proxy panel...
CVE-2013-3629
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
Code injection
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
CVE-2013-3629
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
CVE-2013-3629
CVE-2013-3629 affects ISPConfig 3.0.5.2. The Red Hat/NVD/CVE records and related sources describe an Arbitrary PHP Code Execution vulnerability. The root cause is a flaw in ISPConfig’s content/language handling that allows an authenticated user to cause arbitrary PHP code execution on the server ...
CVE-2012-2087
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...
Input validation
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...
CVE-2012-2087
CVE-2012-2087 affects ISPConfig 3.0.4.3: the issue in the WebDAV user creation flow allows a user to chmod and chown the entire server from the client interface. This is documented in multiple sources (NVD, Red Hat, CVE lists). The connected documents do not specify a patch or remediation version...
CVE-2012-2087
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...
ISPConfig Arbitrary File Inclusion (CVE-2018-17984)
An arbitrary file inclusion vulnerability exists in ISPConfig. This vulnerability is due to insufficient validation of user input. Successful exploitation results in RCE under the security context of the target application...
ISPConfig 3.1.13 - Remote Command Execution
ISPConfig 3.1.13 - Remote Command Execution Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match...
ISPConfig < 3.1.13 - Remote Command Execution
Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...
CVE-2018-17984
An unanchored /a-z2/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...