CVE-2018-17984

HIGH

ISPConfig < 3.1.13 - Authenticated Arbitrary File Inclusion and Remote Code Execution via Unanchored Regular Expression

Description

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.

Scores

CVSS v3: 7.8
EPSS: 0.0337
EPSS Percentile: 87.2%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-185
Status: published
Products (1): ispconfig/ispconfig < 3.1.13
Published: Oct 04, 2018
Tracked Since: Feb 18, 2026