It indicates a possible exploit of a file inclusion vulnerability in SPConfig that may allow remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter.
ISPConfig ISPConfig 2.2.3
ISPConfig ISPConfig 2.2.2
Compromise of the affected system.
The vendor reports that this issue is not exploitable on default configurations of the application, because the vulnerable file is not in the web root. However, the vendor has released an advisory to address this issue for situations where the vulnerable file is accessible remotely.