CVE-2023-46818 – ISPConfig 3.2.11 PHP Code Injection

https://notcve.org/view.php?id=CVE-2023-46818

27 Oct 2023 — An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. Se descubrió un problema en ISPConfig antes de 3.2.11p1. Un administrador puede lograr la inyección de código PHP en el editor de archivos de idioma si admin_allow_langedit está habilitado. ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php. • https://packetstorm.news/files/id/176126 • CWE-94: Improper Control of Generation of Code ('Code Injection') •