2 matches found
ISPConfig Arbitrary File Inclusion (CVE-2018-17984)
An arbitrary file inclusion vulnerability exists in ISPConfig. This vulnerability is due to insufficient validation of user input. Successful exploitation results in RCE under the security context of the target application...
CVE-2018-17984
CVE-2018-17984 affects ISPConfig prior to 3.1.13, where an unanchored /[a-z]{2}/ regular expression enables arbitrary file inclusion, potentially leading to code execution. The issue is exploitable by authenticated users with local filesystem access, allowing execution in the security context of ...