Menü Schließen

ISPConfig Security Release 3.2.11p1

ISPConfig Logo

Das beliebte Multi-Server-Control-Panel ISPConfig erhielt, bereits im Oktober 2023, das Sicherheitsupdate 3.2.11p1, dass eine Lücke schließt die unter speziellen Umständen ausgenutzt werden kann.

ISPConfig 3.2.11p1 Release Notes

This is a security patch release, it fixes a PHP Code Injection Vulnerability in the ISPConfig language file editor.
The vulnerability requires that the attacker is correctly logged in as the ‘admin’ user (the account with superadmin privilege) in ISPConfig, so an attacker must know the administrator password or get access to an active admin account session. Not affected are logins from Clients, Resellers, or Email users and also not logins from additionally created admin users.
Also not affected are systems where the language editor is disabled. The language editor can be disabled by setting:


in the file /usr/local/ispconfig/security/security_settings.ini.
Thank you to Egidio Romano from Karma(In)Security for reporting this issue.

You can see the full changelog here:

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert