Vulnerability Details : CVE-2013-3629
Public exploit exists!
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
Products affected by CVE-2013-3629
- cpe:2.3:a:ispconfig:ispconfig:3.0.5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3629
- 88.51%: Probability of exploitation activity in the next 30 days
- ~ 99 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-3629
- ISPConfig Authenticated Arbitrary PHP Code Execution
  Disclosure Date: 2013-10-30
  First seen: 2020-04-26
  exploit/multi/http/ispconfig_php_exec
  ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. This module was teste
CVSS scores for CVE-2013-3629
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2013-3629
- https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
  Seven FOSS Tricks and Treats (Part Two) [Exploit; Third Party Advisory]
- http://www.securityfocus.com/bid/63455
  ISPConfig '/content.php' Arbitrary PHP Code Execution Vulnerability [Third Party Advisory; VDB Entry]
- http://www.exploit-db.com/exploits/29322
  ISPConfig - (Authenticated) Arbitrary PHP Code Execution (Metasploit) - PHP remote Exploit [Exploit; Third Party Advisory; VDB Entry]
- https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
  Seven FOSS Tricks and Treats (Part One) [Third Party Advisory]