Vulmon
ispconfig ispconfig vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-3021
ISPConfig prior to 3.2.2 allows SQL injection.
Ispconfig Ispconfig
9.8
CVSSv3
CVE-2020-9398
ISPConfig prior to 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
Ispconfig Ispconfig
Ispconfig Ispconfig 3.1.15
9.8
CVSSv3
CVE-2012-2087
ISPConfig 3.0.4.3: the "Add new Webdav user" function can chmod and chown the entire server from the client interface.
Ispconfig Ispconfig 3.0.4.3
8.8
CVSSv3
CVE-2013-3629
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
Ispconfig Ispconfig 3.0.5.2
1 EDB exploit
8.8
CVSSv3
CVE-2017-17384
ISPConfig 3.x prior to 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.
Ispconfig Ispconfig 3.0.2.1
Ispconfig Ispconfig 3.0.3
Ispconfig Ispconfig 3.0.3.1
Ispconfig Ispconfig 3.0.4
Ispconfig Ispconfig 3.0.4.1
Ispconfig Ispconfig 3.0.5
Ispconfig Ispconfig 3.0.5.4
Ispconfig Ispconfig 3.1.4
Ispconfig Ispconfig 3.1.2
Ispconfig Ispconfig 3.0.5.1
Ispconfig Ispconfig 3.0.2
Ispconfig Ispconfig 3.0.2.2
Ispconfig Ispconfig 3.0.4.3
Ispconfig Ispconfig 3.0.4.2
Ispconfig Ispconfig 3.0.4.6
Ispconfig Ispconfig 3.1.8
Ispconfig Ispconfig 3.1.7
Ispconfig Ispconfig 3.1.6
Ispconfig Ispconfig 3.0.5.3
Ispconfig Ispconfig 3.0.5.2
Ispconfig Ispconfig 3.0.3.2
Ispconfig Ispconfig 3.0.3.3
7.8
CVSSv3
CVE-2018-17984
An unanchored /[a-z]{2}/ regular expression in ISPConfig prior to 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
Ispconfig Ispconfig
7.2
CVSSv3
CVE-2023-46818
An issue exists in ISPConfig prior to 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Ispconfig Ispconfig 3.2.11
Ispconfig Ispconfig
NA
CVE-2015-4119
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig prior to 3.0.5.4p7 allow remote malicious users to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary user...
Ispconfig Ispconfig
1 EDB exploit
NA
CVE-2015-4118
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig prior to 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.
Ispconfig Ispconfig
1 EDB exploit
NA
CVE-2006-3042
Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php...
Ispconfig Ispconfig 2.2.3
1 EDB exploit