Authenticated local root vulnerability
There is an authenticated privilege escalation vulnerability in ispconfig 3.
An authenticated user or admin may inject arbitrary characters while creating a cron job resulting in a crontab being executed as the root user.
This has been tested and known to be working from the api.
CVE has been requested and is in progress.