PT-2020-7197 · Ispconfig · Ispconfig

Hakong

Published

2020-01-23

Updated

2020-01-30

CVE-2012-2087

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ISPConfig version 3.0.4.3

Description The issue allows the "Add new Webdav user" feature to modify permissions and ownership of files on the entire server from the client interface, potentially leading to unauthorized access and modifications.

Recommendations For ISPConfig version 3.0.4.3, consider restricting access to the "Add new Webdav user" feature until a patch is available to prevent unauthorized modifications to the server's file system.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2012-2087

Affected Products

Ispconfig

PT-2020-7197 · Ispconfig · Ispconfig

CVE-2012-2087

Weakness Enumeration

Related Identifiers

Affected Products

References · 5