CVE-2015-4118

Name of the Vulnerable Software and Affected Versions ISPConfig versions prior to 3.0.5.4p7

Description The issue allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter in the "monitor/show sys state.php" file. This can potentially be leveraged by remote attackers.

Recommendations For versions prior to 3.0.5.4p7, update to version 3.0.5.4p7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "monitor/show sys state.php" file and the server parameter to minimize the risk of exploitation.