Cross-Site Request Forgery Vulnerabilities in ISPConfig by ISPConfig

CVE-2015-4119

What is CVE-2015-4119?

Multiple cross-site request forgery vulnerabilities exist in ISPConfig prior to version 3.0.5.4p7, enabling remote attackers to potentially hijack user sessions. Specifically, these vulnerabilities could allow an attacker to trigger actions under the guise of an authenticated administrator, including the creation of administrator accounts through targeted requests. Additionally, attacks leveraging these vulnerabilities could facilitate SQL injection via manipulated parameters, posing significant risks to data integrity and security for affected users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References