Vulnerabilities > CVE-2013-3629 - Unspecified vulnerability in Ispconfig 3.0.5.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | ISPConfig Authenticated Arbitrary PHP Code Execution. CVE-2013-3629. Remote exploit for php platform |
id | EDB-ID:29322 |
last seen | 2016-02-03 |
modified | 2013-10-31 |
published | 2013-10-31 |
reporter | metasploit |
source | https://www.exploit-db.com/download/29322/ |
title | ISPConfig Authenticated Arbitrary PHP Code Execution |
Metasploit
description | ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run aribitrary PHP code remotely on the ISPConfig server. This module was tested against version 3.0.5.2. |
id | MSF:EXPLOIT/MULTI/HTTP/ISPCONFIG_PHP_EXEC |
last seen | 2020-05-20 |
modified | 2020-02-18 |
published | 2013-10-30 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/ispconfig_php_exec.rb |
title | ISPConfig Authenticated Arbitrary PHP Code Execution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/123855/ispconfig_php_exec.rb.txt |
id | PACKETSTORM:123855 |
last seen | 2016-12-05 |
published | 2013-10-30 |
reporter | Brandon Perry |
source | https://packetstormsecurity.com/files/123855/ISPConfig-Authenticated-Arbitrary-PHP-Code-Execution.html |
title | ISPConfig Authenticated Arbitrary PHP Code Execution |