CVE-2023-46818 PoC — ISPConfig 安全漏洞

Source

https://github.com/engranaabubakar/CVE-2023-46818

Associated Vulnerability

Title:ISPConfig 安全漏洞 (CVE-2023-46818)
Description:An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

Readme


# CVE-2023-46818 
ISPConfig - PHP Code Injection PoC Exploit (Bash)


### Introduction 

`ISPConfig` versions <= 3.2.11 are vulnerable to an authenticated PHP code injection vulnerability via the `records[]` parameter in the `/admin/language_edit.php` endpoint. A malicious authenticated admin user can exploit this to inject arbitrary PHP code, leading to remote code execution. The vulnerability occurs due to unsanitized handling of language file input used in dynamically generated PHP code.

<br>

### Usage 

```bash
git clone https://github.com/engranaabubakar/CVE-2023-46818.git
cd CVE-2023-46818
chmod +x exploit.sh

./exploit.sh http://$IP admin admin


```

<br>
Note: This exploit requires valid ISPConfig admin credentials and will deploy a command web shell accessible at `/admin/sh.php`. It provides a terminal-like interface for continuous command execution on the target system.
<br><br><br>


### Credits

Researcher: Rana Abu Bakar <br>
Original Advisory: https://karmainsecurity.com/KIS-2023-13 <br>

File Snapshot


 [4.0K]  /data/pocs/a6b2dd5dabbb106ca8b79187ecb95af657827963
├── [2.7K]  exploit.sh
└── [1021]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!