) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ispconfig:ispconfig:3.0.4.1:*:*:*:*:*:*:*
- CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-46818 |
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. Published: October 27, 2023; 12:15:10 AM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2021-3021 |
ISPConfig before 3.2.2 allows SQL injection. Published: January 05, 2021; 11:15:15 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-9398 |
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. Published: February 25, 2020; 4:15:11 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 9.3 HIGH |
| CVE-2018-17984 |
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access. Published: October 04, 2018; 7:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2017-17384 |
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. Published: December 07, 2017; 3:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |