SQL Injection Vulnerability in ISPConfig by ISPConfig
CVE-2015-4118

Currently unrated

Key Information:

Vendor: Ispconfig
Status: Ispconfig
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4118?

An SQL injection vulnerability exists in the monitor/show_sys_state.php file of ISPConfig versions prior to 3.0.5.4p7. This flaw allows remote authenticated users with monitor permissions to manipulate SQL commands through the insecure handling of the server parameter. Exploiting this vulnerability can enable unauthorized access to the database, potentially leading to data breaches or unauthorized data manipulation. Users are encouraged to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/archive/1/535734/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://bugtracker.ispconfig.org/index.php?do=details&task...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75126

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
May 28, 2015

Ispconfig

What is CVE-2015-4118?

References

Timeline