Vulnerabilities > CVE-2013-3629 - Unspecified vulnerability in Ispconfig 3.0.5.2

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

exploit available

metasploit

NVD

Published: 2020-02-07

Updated: 2020-02-10

Summary

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution

Part	Description	Count
Application	Ispconfig Ispconfig Ispconfig 3.0.5.2	1

description	ISPConfig Authenticated Arbitrary PHP Code Execution. CVE-2013-3629. Remote exploit for php platform
id	EDB-ID:29322
last seen	2016-02-03
modified	2013-10-31
published	2013-10-31
reporter	metasploit
source	https://www.exploit-db.com/download/29322/
title	ISPConfig Authenticated Arbitrary PHP Code Execution

description	ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run aribitrary PHP code remotely on the ISPConfig server. This module was tested against version 3.0.5.2.
id	MSF:EXPLOIT/MULTI/HTTP/ISPCONFIG_PHP_EXEC
last seen	2020-05-20
modified	2020-02-18
published	2013-10-30
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3629 https://blog.rapid7.com/2013/10/30/seven-tricks-and-treats
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/ispconfig_php_exec.rb
title	ISPConfig Authenticated Arbitrary PHP Code Execution

data source	https://packetstormsecurity.com/files/download/123855/ispconfig_php_exec.rb.txt
id	PACKETSTORM:123855
last seen	2016-12-05
published	2013-10-30
reporter	Brandon Perry
source	https://packetstormsecurity.com/files/123855/ISPConfig-Authenticated-Arbitrary-PHP-Code-Execution.html
title	ISPConfig Authenticated Arbitrary PHP Code Execution