CVE-2020-9398

CRITICAL

ISPConfig < 3.1.15p3 - SQL Injection via Reverse Proxy Panel

Title source: llm
STIX 2.1

Description

ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0127
EPSS Percentile 66.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
ispconfig/ispconfig 3.1.15 (3 CPE variants)
ispconfig/ispconfig < 3.1.15
Published Feb 25, 2020
Tracked Since Feb 18, 2026