Ispconfig: >> Ispconfig >> 3.1.13 Security Vulnerabilities
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
CVSS Score
7.2
EPSS Score
0.898
Published
2023-10-27
ISPConfig before 3.2.2 allows SQL injection.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-01-05
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-02-25