CVE-2023-46818 PoC — ISPConfig 安全漏洞

Source

https://github.com/ajdumanhug/CVE-2022-42092

Associated Vulnerability

Title:ISPConfig 安全漏洞 (CVE-2023-46818)
Description:An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

Description

CVE-2023-46818 Python3 Exploit for Backdrop CMS <= 1.22.0 Authenticated Remote Command Execution (RCE)

Readme

# CVE-2022-42092 Python Exploit

## 🔥 Description
This Python exploit script targets an unrestricted file upload in Backdrop CMS to achieve a Remote Code Execution (RCE).

## ⚠️ Affected Versions
Version 1.22.0 and prior version
Note: Backdrop CMS disputes this and argues that advanced permissions are required, which is why it might still exist in versions above 1.22.0. I’m guessing they mean you would need to have admin access first. Still, it’s a valid vulnerability, and it can definitely be exploited to gain full system control.

## ⚙️ Usage
```shell
python3 CVE-2022-42902.py <target_url> <username> <password> <listener_ip> <listener_port>
```
Important: Start your listener before running the script:
```shell
nc -lvnp <listener_port>
```

## 💻 Sample Run
![image](https://github.com/user-attachments/assets/62f02ffc-3de5-4b72-b274-9575e3b4780f)

## ℹ️ Reference
- [CVE-2022-42092 Detail](https://nvd.nist.gov/vuln/detail/CVE-2022-42092)

File Snapshot


 [4.0K]  /data/pocs/1c0e44d6fec5f0fef53a9373599d990614f337cf
├── [6.8K]  CVE-2022-42092.py
└── [ 972]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!