An unanchored /[a-z]{2}/ regular expression in ISPConfig...
High severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Oct 4, 2018
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Feb 2, 2023
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
References