关联漏洞
标题:
ISPConfig 安全漏洞
(CVE-2023-46818)
描述:ISPConfig是一套基于Linux的开源主机控制面板,它可通过Web控制面板管理多台服务器、开设网站、监控服务器运行状况等。 ISPConfig 3.2.11p1 之前版本存在安全漏洞,该漏洞源于如果启用了 admin_allow_langedit,管理员可以在语言文件编辑器中实现 PHP 代码注入。
描述
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
介绍
----
<h1 align="center">CVE-2023-46818</h1>
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
## Usage
```
❯ python3 CVE-2023-46818.py
Usage: python3 CVE-2023-46818.py <URL> <username> <password>
Poc of CVE-2023-46818 ISPConfig <= 3.2.11 - Code Injection Vulnerability by hunntr
```
## References
- https://nvd.nist.gov/vuln/detail/CVE-2023-46818
- https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released
- https://seclists.org/fulldisclosure/2023/Dec/2
## Credit
If you found this project useful or interesting, consider supporting it by giving a ⭐ to the repository!
文件快照
[4.0K] /data/pocs/53341caf7a2b9b407024e88fe6ce6a8779632cf9
├── [3.5K] CVE-2023-46818.py
├── [ 742] README.md
└── [ 16] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。