Vulnerability Database

296,843

Total vulnerabilities in the database

CVE-2020-9398

ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.

  • Published: Feb 25, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-9398
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

Software From Fixed in
ispconfig / ispconfig 3.1.15 3.1.15.x
ispconfig / ispconfig 3.1.15-p1 3.1.15-p1.x
ispconfig / ispconfig 3.1.15-p2 3.1.15-p2.x
ispconfig / ispconfig - 3.1.15