3 matches found
CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...
CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...
PT-2020-12337 · Vestacp · Vesta Control Panel
Name of the Vulnerable Software and Affected Versions: Vesta Control Panel VestaCP versions 0.9.8-26 and earlier Description: The issue allows Command Injection via the "schedule/backup Backup Listing Endpoint". An attacker must be able to create a crafted filename on the server. This can be...