CVE-2018-17984

EUVD-2018-9723
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
ispconfigispconfig
𝑥
< 3.1.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html
https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown
https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/
https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html
https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown
https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/