Description
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/
Exploit, Third Party Advisory x_refsource_misc
https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown
Scores
CVSS v3
7.8
EPSS
0.0043
EPSS Percentile
62.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-185
Status
published
Products (1)
ispconfig/ispconfig
< 3.1.13
Published
Oct 04, 2018
Tracked Since
Feb 18, 2026