CVE-2018-10686

2018-05-0605:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

42.3%

JSON

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST[‘path’] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.

CPENameOperatorVersion
vestaeq0.9.8-10
vestaeq0.9.8-15
vestaeq0.9.8-16
vestaeq0.9.8-11
vestaeq0.9.8-20
vestaeq0.9.8-13
vestaeq0.9.8-17
vestaeq0.9.8-18
vestaeq0.9.8-12
vestaeq0.9.8-19

Name	Operator	Version
vesta	eq	0.9.8-10
vesta	eq	0.9.8-15
vesta	eq	0.9.8-16
vesta	eq	0.9.8-11
vesta	eq	0.9.8-20
vesta	eq	0.9.8-13
vesta	eq	0.9.8-17
vesta	eq	0.9.8-18
vesta	eq	0.9.8-12
vesta	eq	0.9.8-19