Cross-Site Request Forgery Vulnerabilities in ISPConfig by ISPConfig
CVE-2015-4119

Currently unrated

Key Information:

Vendor

Ispconfig

Status
Ispconfig
Vendor
CVE Published:
15 June 2015

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2015-4119?

Multiple cross-site request forgery vulnerabilities exist in ISPConfig prior to version 3.0.5.4p7, enabling remote attackers to potentially hijack user sessions. Specifically, these vulnerabilities could allow an attacker to trigger actions under the guise of an authenticated administrator, including the creation of administrator accounts through targeted requests. Additionally, attacks leveraging these vulnerabilities could facilitate SQL injection via manipulated parameters, posing significant risks to data integrity and security for affected users.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-4119 - Proof of Concept

References

http://www.securityfocus.com/archive/1/535734/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://bugtracker.ispconfig.org/index.php?do=details&task...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/75126
vdb-entryx_refsource_BID

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.