Lucene search

CVE-2021-28379

🗓️ 15 Mar 2021 06:12:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 7 Media mentions👁 112 Views🌐 WEB

VestaCP allows uploads from different origin

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2021-28379	15 Mar 202105:56	–	cvelist
Prion	Code injection	15 Mar 202106:15	–	prion
Packet Storm	VestaCP 0.9.8 Cross Site Request Forgery	17 Mar 202100:00	–	packetstorm
OSV	CVE-2021-28379	15 Mar 202106:15	–	osv
0day.today	VestaCP 0.9.8 - File Upload CSRF Vulnerability	17 Mar 202100:00	–	zdt
NVD	CVE-2021-28379	15 Mar 202106:15	–	nvd
Exploit DB	VestaCP 0.9.8 - File Upload CSRF	17 Mar 202100:00	–	exploitdb

Nvd

Node

myvestacp myvestaRange≤0.9.8-26-39

vestacp vesta_control_panelRange≤0.9.8-27

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/161836/VestaCP-0.9.8-Cross-Site-Request-Forgery.html
github	www.github.com/myvesta/vesta/commit/3402071e950e76b79fa8672a1e09b70d3860f355

Parameter	Position	Path	Description	CWE
dir	query param	/upload/index.php	VestaCP's upload functionality is vulnerable to CSRF allowing arbitrary file uploads.	CWE-434

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Mar 2021 06:15Current

8.6High risk

Vulners AI Score8.6

CVSS26.8

CVSS38.8

EPSS0.0329

CWE-434