Sicherheitspatch für ISPConfig 3.0.5.4p5 veröffentlicht

Till

Administrator
#1
A XSS vulnerability has been found in the ISPConfig 3 module changer script.
The vulnerability requires a valid user login to ISPConfig, unauthenticated
users are not affected.

Vulnerable versions:

All recent ISPConfig 3 releases.

Fix:

A patch for ISPConfig 3.0.5.4p5 is available trough the ISPConfig patch tool.

Patch Installation:

Run the command:

ispconfig_patch

as root user on the shell and enter:

3054_capp

as patch code. The patch tool will download the patch from
ispconfig.org and apply it.

Credits:

We thank Alain for informing us about this issue.
 

Werbung