CVSS: 8.3EPSS: 86%CPEs: 2EXPL: 2CVE-2023-46818 – ISPConfig 3.2.11 PHP Code Injection
https://notcve.org/view.php?id=CVE-2023-46818
27 Oct 2023 — An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. Se descubrió un problema en ISPConfig antes de 3.2.11p1. Un administrador puede lograr la inyección de código PHP en el editor de archivos de idioma si admin_allow_langedit está habilitado. ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php. • https://packetstorm.news/files/id/176126 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3021
https://notcve.org/view.php?id=CVE-2021-3021
05 Jan 2021 — ISPConfig before 3.2.2 allows SQL injection. ISPConfig versiones anteriores a 3.2.2, permite una inyección de SQL • https://twitter.com/ispconfig/status/1346142615511724032 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-9398
https://notcve.org/view.php?id=CVE-2020-9398
25 Feb 2020 — ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection. ISPConfig versiones anteriores a 3.1.15p3, cuando la opción reverse_proxy_panel_allowed=sites no documentada es habilitada manualmente, permite una inyección SQL. • https://www.ispconfig.org/blog/ispconfig-3-1-15p3-released-security-bugfix-release • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •