Code Injection in language_edit functionality - by admin user only
See SSD Report:
https://ssd-disclosure.com/ssd-advisory-ispconfig-authenticated-remote-code-execution/
This issue requires that the logged-in user is a system administrator of the server (user type admin). Unauthenticated users, clients, or resellers cannot exploit this issue.