CVE-2020-9398
CRITICALISPConfig < 3.1.15p3 - SQL Injection via Reverse Proxy Panel
Title source: llmDescription
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.ispconfig.org/blog/ispconfig-3-1-15p3-released-security-bugfix-release/
Scores
CVSS v3
9.8
EPSS
0.0127
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
ispconfig/ispconfig
3.1.15 (3 CPE variants)
ispconfig/ispconfig
< 3.1.15
Published
Feb 25, 2020
Tracked Since
Feb 18, 2026