CVE-2023-46818 | PoC | ISPConfig 3.2.11p1
# CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit
## High Remote Code Execution in ISPConfig
### PoC implementation.
---
## Resume
ISPConfig versions <= 3.2.11 are vulnerable to an authenticated PHP code injection vulnerability via the records[] parameter in the /admin/language_edit.php endpoint.
---
## 🛠 Technical Breakdown
This endpoint does not properly validate user input. An attacker with valid credentials can submit a specially crafted request to the language editing functionality, injecting PHP code that gets written to a file on the server (commonly shell.php). This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise. To mitigate this vulnerability, it is recommended to apply the latest ISPConfig updates and restrict access to the admin panel.
---
## 🔥 Vulnerable Endpoint
`http://<target>/admin/language_edit.php` — ISPConfig vulnerable endpoint
---
### 🚀 Launching the Exploit
Run the exploit script CVE-2024-47533.py.
```bash
python3 CVE-2023-46818.py -u <url> -U <username> -P <password>
```
### 💻 Successful Remote Shell Access
Upon successful execution, the reverse shell will connect back to the machine, granting the attacker remote access to the server.
[4.0K] /data/pocs/8c47d731dbae5c8a6af0e64212b35fec7a188bba
├── [4.1K] CVE-2023-46818.py
└── [1.3K] README.md
0 directories, 2 files