An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html | |
http://seclists.org/fulldisclosure/2023/Dec/2 | |
https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/ | Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-27T00:00:00
Updated: 2023-12-13T00:06:36.798543
Reserved: 2023-10-27T00:00:00
Link: CVE-2023-46818
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-27T04:15:10.907
Modified: 2023-12-13T00:15:07.247
Link: CVE-2023-46818
JSON object: View
Redhat Information
No data.
CWE