An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.Referenceshttps://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.htmlhttp://seclists.org/fulldisclosure/2023/Dec/2
