What is CVE-2023-46818?

CVE-2023-46818 is a vulnerability in N/a. Published 2023-10-27.

Is CVE-2023-46818 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

EPSS: 0.905 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

bipbopbup/CVE-2023-46818-python-exploit
hunntr/CVE-2023-46818
ajdumanhug/CVE-2023-46818
blindma1den/CVE-2023-46818-Exploit
rvizx/CVE-2023-46818
rvzsec/CVE-2023-46818
zs1n/CVE-2023-46818
ajdumanhug/CVE-2022-42092
vulnerk0/CVE-2023-46818
SyFi/CVE-2023-46818

References

www.ispconfig.org/blog/ispconfig-3-2-11p1-released/
packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html
20231212 [KIS-2023-13] ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability (mailing-list)

Frequently asked questions

What is CVE-2023-46818?: CVE-2023-46818 is a vulnerability in N/a. Published 2023-10-27.
Is CVE-2023-46818 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.