ISPConfig.Session.INC.PHP.Remote.File.Inclusion
Description
It indicates a possible exploit of a file inclusion vulnerability in SPConfig that may allow remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter.
Affected Products
ISPConfig ISPConfig 2.2.3
ISPConfig ISPConfig 2.2.2
Impact
Compromise of the affected system.
Recommended Actions
The vendor reports that this issue is not exploitable on default configurations of the application, because the vulnerable file is not in the web root. However, the vendor has released an advisory to address this issue for situations where the vulnerable file is accessible remotely.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |