4 matches found
CVE-2020-10808
Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...
CVE-2020-10808
Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...
CVE-2020-10808
Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...
PT-2020-12337 · Vestacp · Vesta Control Panel
Name of the Vulnerable Software and Affected Versions: Vesta Control Panel VestaCP versions 0.9.8-26 and earlier Description: The issue allows Command Injection via the "schedule/backup Backup Listing Endpoint". An attacker must be able to create a crafted filename on the server. This can be...