CVE-2018-17984

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
Configurations

Configuration 1

cpe:2.3:a:ispconfig:ispconfig:*:*:*:*:*:*:*:*

Information

Published : 2018-10-04 11:29

Updated : 2018-12-13 05:11


NVD link : CVE-2018-17984

Mitre link : CVE-2018-17984

Products Affected
No products.
CWE
CWE-185

Incorrect Regular Expression