Lucene search
K

141 matches found

CVE
CVE
added 2021/01/05 3:47 p.m.51 views

CVE-2021-3021

CVE-2021-3021 affects ISPConfig before 3.2.2. The root cause is a lack of validation of externally-entered SQL statements in database-based applications, enabling SQL injection. Documented impact includes the ability to execute arbitrary SQL commands via the vulnerable web management software; ex...

9.8CVSS9.8AI score0.02117EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/01/05 12:0 a.m.6 views

ISPConfig SQL注入漏洞

ISPConfig is an open source web hosting management program for Linux with a Web control panel , you can use the Web control panel to manage web hosting , open a website , open a mailbox , open and manage mysql databases , support for DNS resolution and monitor the server's operating conditions an...

9.8CVSS7.4AI score0.02117EPSS
Exploits0References3
CNVD
CNVD
added 2020/02/26 12:0 a.m.2 views

ISPConfig SQL Injection Vulnerability

ISPConfig is an open source web hosting management program for Linux with a Web control panel , you can use the Web control panel to manage web hosting , open a website , open a mailbox , open and manage mysql databases , support for DNS resolution and monitor the server's operating conditions an...

9.8CVSS7.9AI score0.01266EPSS
Exploits0References1
NVD
NVD
added 2020/02/25 9:15 p.m.17 views

CVE-2020-9398

ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...

9.8CVSS9.7AI score0.01266EPSS
Exploits0References1
OSV
OSV
added 2020/02/25 9:15 p.m.3 views

CVE-2020-9398

ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...

9.8CVSS7.3AI score0.01266EPSS
Exploits0References1
Prion
Prion
added 2020/02/25 9:15 p.m.13 views

Sql injection

ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...

9.3CVSS9.7AI score0.01266EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/02/25 8:23 p.m.13 views

CVE-2020-9398

ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...

9.8AI score0.01266EPSS
Exploits0References1
CVE
CVE
added 2020/02/25 8:23 p.m.80 views

CVE-2020-9398

ISPConfig vulnerability CVE-2020-9398 affects ISPConfig before 3.1.15p3. When the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, it enables an SQL Injection in the web control panel. This is the underlying root cause: enabling a hidden option in the reverse proxy panel...

9.8CVSS9.6AI score0.01266EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/02/07 3:15 p.m.30 views

CVE-2013-3629

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...

8.8CVSS8.9AI score0.43103EPSS
Exploits5References4
Prion
Prion
added 2020/02/07 3:15 p.m.15 views

Code injection

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...

6.5CVSS7.6AI score0.43103EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2020/02/07 2:25 p.m.34 views

CVE-2013-3629

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...

9AI score0.43103EPSS
Exploits5References4
CVE
CVE
added 2020/02/07 2:25 p.m.57 views

CVE-2013-3629

CVE-2013-3629 affects ISPConfig 3.0.5.2. The Red Hat/NVD/CVE records and related sources describe an Arbitrary PHP Code Execution vulnerability. The root cause is a flaw in ISPConfig’s content/language handling that allows an authenticated user to cause arbitrary PHP code execution on the server ...

8.8CVSS8.8AI score0.43103EPSS
Exploits5References4Affected Software1
NVD
NVD
added 2020/01/23 3:15 p.m.16 views

CVE-2012-2087

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

9.8CVSS9.5AI score0.02714EPSS
Exploits1References4
Prion
Prion
added 2020/01/23 3:15 p.m.12 views

Input validation

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

7.5CVSS7.2AI score0.02714EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/01/23 1:57 p.m.47 views

CVE-2012-2087

CVE-2012-2087 affects ISPConfig 3.0.4.3: the issue in the WebDAV user creation flow allows a user to chmod and chown the entire server from the client interface. This is documented in multiple sources (NVD, Red Hat, CVE lists). The connected documents do not specify a patch or remediation version...

9.8CVSS9.4AI score0.02714EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/01/23 1:57 p.m.20 views

CVE-2012-2087

ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface...

9.6AI score0.02714EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2019/02/19 12:0 a.m.3 views

ISPConfig Arbitrary File Inclusion (CVE-2018-17984)

An arbitrary file inclusion vulnerability exists in ISPConfig. This vulnerability is due to insufficient validation of user input. Successful exploitation results in RCE under the security context of the target application...

4.6CVSS2.8AI score0.03369EPSS
Exploits1
exploitpack
exploitpack
added 2018/10/05 12:0 a.m.12 views

ISPConfig 3.1.13 - Remote Command Execution

ISPConfig 3.1.13 - Remote Command Execution Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/05 12:0 a.m.25 views

ISPConfig < 3.1.13 - Remote Command Execution

Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...

7.4AI score
Exploits0
NVD
NVD
added 2018/10/04 11:29 p.m.13 views

CVE-2018-17984

An unanchored /a-z2/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...

7.8CVSS7.6AI score0.03369EPSS
Exploits1References3
Rows per page
Query Builder