Arbitrary File Inclusion Vulnerability in ISPConfig before 3.1.13

Arbitrary File Inclusion Vulnerability in ISPConfig before 3.1.13

CVE-2018-17984 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.

Learn more about our User Device Pen Test.