## https://sploitus.com/exploit?id=D11892AD-853A-5773-B122-762F6BD13673
# CVE-2023-46818-Exploit
This is my own exploit for CVE-2023-46818 happy hacking!
This exploit automates the attack described in CVE-2023-46818 by taking advantage of a PHP code injection vulnerability in ISPConfig version 3.2.11 and earlier. It logs into the ISPConfig panel using valid credentials, targets the vulnerable language_edit.php file, and abuses the records[\] form field to inject malicious PHP code. This payload writes a sh.php file on the server, which functions as a lightweight web shell. Once deployed, it launches an interactive shell where the user can type system commands, which the PHP script executes remotely and returns the output wrapped between ____ markers for easy parsing.
Please, feel free to send PR to improve if you considere it, happy hacking!
@blindma1den