Authenticated local root vulnerability
There is an authenticated privilege escalation vulnerability in ispconfig 3.
An authenticated user or admin may inject arbitrary characters while creating a cron job resulting in a crontab being executed as the root user.
This has been tested and known to be working from the api.
CVE has been requested and is in progress.
Edited by Chris Kessler