Detections
Analytics

CVE-2023-46818

high

Description

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

References

https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/

http://seclists.org/fulldisclosure/2023/Dec/2

http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html

Details

Source: Mitre, NVD

Published: 2023-10-27

Updated: 2024-10-11

Named Vulnerability: ISPConfig <= 3.2.11 PHP Code Injection Vulnerability

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.83354