CVE-2023-46818 PoC — ISPConfig 安全漏洞

Source

https://github.com/hunntr/CVE-2023-46818

Associated Vulnerability

Title:ISPConfig 安全漏洞 (CVE-2023-46818)
Description:ISPConfig是一套基于Linux的开源主机控制面板，它可通过Web控制面板管理多台服务器、开设网站、监控服务器运行状况等。 ISPConfig 3.2.11p1 之前版本存在安全漏洞，该漏洞源于如果启用了 admin_allow_langedit，管理员可以在语言文件编辑器中实现 PHP 代码注入。

Description

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

Readme

![Banner](https://imgur.com/oNIWBFV.png)

----

<h1 align="center">CVE-2023-46818</h1>

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. 

## Usage

```
❯ python3 CVE-2023-46818.py
Usage: python3 CVE-2023-46818.py <URL> <username> <password>

Poc of CVE-2023-46818 ISPConfig <= 3.2.11 - Code Injection Vulnerability by hunntr
```

## References

- https://nvd.nist.gov/vuln/detail/CVE-2023-46818
- https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released
- https://seclists.org/fulldisclosure/2023/Dec/2

## Credit
If you found this project useful or interesting, consider supporting it by giving a ⭐ to the repository!

File Snapshot


 [4.0K]  /data/pocs/53341caf7a2b9b407024e88fe6ce6a8779632cf9
├── [3.5K]  CVE-2023-46818.py
├── [ 742]  README.md
└── [  16]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!