Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-46818

EPSS 89.45% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-46818

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ISPConfig 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ISPConfig是一套基于Linux的开源主机控制面板,它可通过Web控制面板管理多台服务器、开设网站、监控服务器运行状况等。 ISPConfig 3.2.11p1 之前版本存在安全漏洞,该漏洞源于如果启用了 admin_allow_langedit,管理员可以在语言文件编辑器中实现 PHP 代码注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-46818

#POC DescriptionSource LinkShenlong Link
1CVE-2023-46818 IPSConfig Python exploithttps://github.com/bipbopbup/CVE-2023-46818-python-exploitPOC Details
2An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-46818.yamlPOC Details
3This is my own exploit for CVE-2023-46818 happy hacking!https://github.com/blindma1den/CVE-2023-46818-ExploitPOC Details
4CVE-2023-46818 Python3 Exploit for ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerabilityhttps://github.com/ajdumanhug/CVE-2023-46818POC Details
5CVE-2023-46818 Python3 Exploit for Backdrop CMS <= 1.22.0 Authenticated Remote Command Execution (RCE)https://github.com/ajdumanhug/CVE-2022-42092POC Details
6CVE-2023-46818 - ISPConfig PHP Code Injection PoC Exploit (Bash)https://github.com/rvizx/CVE-2023-46818POC Details
7Nonehttps://github.com/engranaabubakar/CVE-2023-46818POC Details
8An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.https://github.com/hunntr/CVE-2023-46818POC Details
9Metasploit Moduleshttps://github.com/SyFi/CVE-2023-46818POC Details
10Python PoC for CVE-2023-46818https://github.com/vulnerk0/CVE-2023-46818POC Details
11CVE-2023-46818 | PoC | ISPConfig 3.2.11p1https://github.com/zs1n/CVE-2023-46818POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-46818

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-10-27 · 27 CVEs total

CVE-2023-340577.8 HIGHVMware Tools 安全漏洞
CVE-2023-340597.4 HIGHVMware Tools 安全漏洞
CVE-2023-340587.1 HIGHVMware Tools 安全漏洞
CVE-2023-46393gougucms 安全漏洞
CVE-2023-46853Memcached 安全漏洞
CVE-2023-46852Memcached 安全漏洞
CVE-2023-46816SugarCRM 安全漏洞
CVE-2023-46815SugarCRM 安全漏洞
CVE-2023-46813Linux kernel 安全漏洞
CVE-2023-46587XnView Classic 安全漏洞
CVE-2023-46510ZIONCOM Technology A7000R 安全漏洞
CVE-2023-46490Cacti SQL注入漏洞
CVE-2023-46407FFmpeg 安全漏洞
CVE-2023-46509Contec SolarView Compact 安全漏洞
CVE-2023-35794Cassia Networks Access Controller 安全漏洞
CVE-2022-34834VERMEG Agile Reporter 安全漏洞
CVE-2022-34833VERMEG Agile Reporter 安全漏洞
CVE-2022-34832VERMEG Agile Reporter 安全漏洞
CVE-2023-46375Nature Easy Soft Network Technology ZenTao 跨站请求伪造漏洞
CVE-2023-46376Nature Easy Soft Network Technology ZenTao 信息泄露漏洞

Showing top 20 of 27 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-46818

No comments yet

Leave a comment