An unanchored /[a-z]{2}/ regular expression in ISPConfig prior to 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
Vulnerable Product |
---|
ispconfig ispconfig |
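
The class of flaw described above, sketched in PHP (the language ISPConfig is written in) as an added example; this is not ISPConfig's code. The function names, `BASE_DIR`, the `.inc` suffix and the sample inputs are hypothetical and constructed. It contrasts the unanchored `/[a-z]{2}/` check with an anchored one before the value is used to build an include path.

```php
<?php
declare(strict_types=1);

// Hypothetical include root; not a path taken from ISPConfig.
const BASE_DIR = '/srv/app/includes';

// Weak: preg_match() reports success if two lowercase letters occur
// anywhere in the input, so the rest of the string is never checked.
function is_valid_unanchored(string $code): bool
{
    return preg_match('/[a-z]{2}/', $code) === 1;
}

// Still weak: '$' also matches just before a trailing newline.
function is_valid_dollar(string $code): bool
{
    return preg_match('/^[a-z]{2}$/', $code) === 1;
}

// Hardened: \A and \z pin the match to the whole input.
function is_valid_anchored(string $code): bool
{
    return preg_match('/\A[a-z]{2}\z/', $code) === 1;
}

// Build the include path only from a value that passed the anchored check.
function include_path_for(string $code): ?string
{
    return is_valid_anchored($code) ? BASE_DIR . '/' . $code . '.inc' : null;
}

// Constructed sample inputs.
$samples = ['en', 'de', "en\n", 'EN', 'en.bak', '../../tmp/upload'];

foreach ($samples as $s) {
    printf(
        "%-22s unanchored=%-5s dollar=%-5s anchored=%-5s path=%s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        var_export(is_valid_unanchored($s), true),
        var_export(is_valid_dollar($s), true),
        var_export(is_valid_anchored($s), true),
        include_path_for($s) ?? '(rejected)'
    );
}
```

Where the set of accepted values is known in advance, comparing against a fixed allow-list with `in_array($code, $allowed, true)` is stricter than any pattern match.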