CVE-2018-17984

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
ispconfigispconfig
𝑥
< 3.1.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html
https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown
https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/
https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html
https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown
https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/