Vulnerabilities > CVE-2013-3629 - Unspecified vulnerability in Ispconfig 3.0.5.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | ISPConfig Authenticated Arbitrary PHP Code Execution. CVE-2013-3629. Remote exploit for php platform |
| id | EDB-ID:29322 |
| last seen | 2016-02-03 |
| modified | 2013-10-31 |
| published | 2013-10-31 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/29322/ |
| title | ISPConfig Authenticated Arbitrary PHP Code Execution |
Metasploit
| description | ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run aribitrary PHP code remotely on the ISPConfig server. This module was tested against version 3.0.5.2. |
| id | MSF:EXPLOIT/MULTI/HTTP/ISPCONFIG_PHP_EXEC |
| last seen | 2020-05-20 |
| modified | 2020-02-18 |
| published | 2013-10-30 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/ispconfig_php_exec.rb |
| title | ISPConfig Authenticated Arbitrary PHP Code Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/123855/ispconfig_php_exec.rb.txt |
| id | PACKETSTORM:123855 |
| last seen | 2016-12-05 |
| published | 2013-10-30 |
| reporter | Brandon Perry |
| source | https://packetstormsecurity.com/files/123855/ISPConfig-Authenticated-Arbitrary-PHP-Code-Execution.html |
| title | ISPConfig Authenticated Arbitrary PHP Code Execution |