CVE-2013-3629

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3629. PoCs published by Metasploit, including Metasploit module exploits/multi/http/ispconfig_php_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated arbitrary PHP code execution vulnerability in ISPConfig by abusing the language settings export/import feature to upload and execute malicious PHP code.

Description

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/29322

View Code ZIP pw:eip

This Metasploit module exploits an authenticated arbitrary PHP code execution vulnerability in ISPConfig by abusing the language settings export/import feature to upload and execute malicious PHP code.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ISPConfig 3.0.5.2

Auth required

Prerequisites: Authenticated access to ISPConfig admin panel · Valid username and password

MITRE ATT&CK

T1210 - Exploitation of Remote Services T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/ispconfig_php_exec.rb