Cross-Site Request Forgery Vulnerabilities in ISPConfig by ISPConfig
CVE-2015-4119

Currently unrated

Key Information:

Vendor

Ispconfig

Status
Ispconfig
Vendor
CVE Published:
15 June 2015

What is CVE-2015-4119?

Multiple cross-site request forgery vulnerabilities exist in ISPConfig prior to version 3.0.5.4p7, enabling remote attackers to potentially hijack user sessions. Specifically, these vulnerabilities could allow an attacker to trigger actions under the guise of an authenticated administrator, including the creation of administrator accounts through targeted requests. Additionally, attacks leveraging these vulnerabilities could facilitate SQL injection via manipulated parameters, posing significant risks to data integrity and security for affected users.

References

http://www.securityfocus.com/archive/1/535734/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://bugtracker.ispconfig.org/index.php?do=details&task...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/75126
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-4119 : Cross-Site Request Forgery Vulnerabilities in ISPConfig by ISPConfig