Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:ISPCONFIG-SETTINGS-FI |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ISPConfig user_settings.php Arbitrary File Inclusion |
Release Date |
2019/01/23 |
Update Number |
3137 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: ISPConfig user_settings.php Arbitrary File Inclusion
This signature detects attempts to exploit an arbitrary file inclusion vulnerability which has been reported in ISPConfig. A remote attacker can exploit this vulnerability by sending a crafted request. Successful exploitation results in RCE under the security context of the target application.
Extended Description
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access.
Affected Products
- Ispconfig ispconfig 2.0.4
- Ispconfig ispconfig 2.0.5
- Ispconfig ispconfig 2.0.6
- Ispconfig ispconfig 2.0.7
- Ispconfig ispconfig 2.0.8
- Ispconfig ispconfig 2.0.9
- Ispconfig ispconfig 2.1.0
- Ispconfig ispconfig 2.1.1
- Ispconfig ispconfig 2.1.2
- Ispconfig ispconfig 2.2.0
- Ispconfig ispconfig 2.2.1
- Ispconfig ispconfig 2.2.10
- Ispconfig ispconfig 2.2.11
- Ispconfig ispconfig 2.2.12
- Ispconfig ispconfig 2.2.13
- Ispconfig ispconfig 2.2.14
- Ispconfig ispconfig 2.2.15
- Ispconfig ispconfig 2.2.16
- Ispconfig ispconfig 2.2.17
- Ispconfig ispconfig 2.2.18
- Ispconfig ispconfig 2.2.19
- Ispconfig ispconfig 2.2.2
- Ispconfig ispconfig 2.2.20
- Ispconfig ispconfig 2.2.21
- Ispconfig ispconfig 2.2.22
- Ispconfig ispconfig 2.2.23
- Ispconfig ispconfig 2.2.24
- Ispconfig ispconfig 2.2.25
- Ispconfig ispconfig 2.2.26
- Ispconfig ispconfig 2.2.27
- Ispconfig ispconfig 2.2.28
- Ispconfig ispconfig 2.2.29
- Ispconfig ispconfig 2.2.3
- Ispconfig ispconfig 2.2.30
- Ispconfig ispconfig 2.2.31
- Ispconfig ispconfig 2.2.32
- Ispconfig ispconfig 2.2.33
- Ispconfig ispconfig 2.2.34
- Ispconfig ispconfig 2.2.35
- Ispconfig ispconfig 2.2.36
- Ispconfig ispconfig 2.2.37
- Ispconfig ispconfig 2.2.38
- Ispconfig ispconfig 2.2.39
- Ispconfig ispconfig 2.2.4
- Ispconfig ispconfig 2.2.40
- Ispconfig ispconfig 2.2.5
- Ispconfig ispconfig 2.2.6
- Ispconfig ispconfig 2.2.7
- Ispconfig ispconfig 2.2.8
- Ispconfig ispconfig 2.2.9
- Ispconfig ispconfig 3.0.2
- Ispconfig ispconfig 3.0.2.1
- Ispconfig ispconfig 3.0.2.2
- Ispconfig ispconfig 3.0.3
- Ispconfig ispconfig 3.0.3.1
- Ispconfig ispconfig 3.0.3.2
- Ispconfig ispconfig 3.0.3.3
- Ispconfig ispconfig 3.0.4
- Ispconfig ispconfig 3.0.4.1
- Ispconfig ispconfig 3.0.4.2
- Ispconfig ispconfig 3.0.4.3
- Ispconfig ispconfig 3.0.4.4
- Ispconfig ispconfig 3.0.4.5
- Ispconfig ispconfig 3.0.4.6
- Ispconfig ispconfig 3.0.5
- Ispconfig ispconfig 3.0.5.1
- Ispconfig ispconfig 3.0.5.2
- Ispconfig ispconfig 3.0.5.3
- Ispconfig ispconfig 3.0.5.4
- Ispconfig ispconfig 3.1
- Ispconfig ispconfig 3.1.1
- Ispconfig ispconfig 3.1.10
- Ispconfig ispconfig 3.1.11
- Ispconfig ispconfig 3.1.12
- Ispconfig ispconfig 3.1.2
- Ispconfig ispconfig 3.1.3
- Ispconfig ispconfig 3.1.4
- Ispconfig ispconfig 3.1.5
- Ispconfig ispconfig 3.1.6
- Ispconfig ispconfig 3.1.7
- Ispconfig ispconfig 3.1.8
- Ispconfig ispconfig 3.1.9
References
- CVE: CVE-2018-17984