Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.9 views

CVE-2020-10808

Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...

9CVSS7AI score0.77261EPSS
Exploits7References1
Packet Storm
Packet Storm
added 2020/04/14 12:0 a.m.122 views

Vesta Control Panel Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits an authenticated command injection vulnerabilit...

9CVSS0.9AI score0.77261EPSS
Exploits7
0day.today
0day.today
added 2020/04/14 12:0 a.m.381 views

Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit

This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. This module requires Metasploit: https://metasploit.com/download Current source:...

9CVSS0.9AI score0.77261EPSS
Exploits7
Metasploit
Metasploit
added 2020/04/11 9:22 a.m.386 views

Vesta Control Panel Authenticated Remote Code Execution

This module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS9.2AI score0.77261EPSS
Exploits7
CVE
CVE
added 2020/03/22 4:7 p.m.247 views

CVE-2020-10808

CVE-2020-10808 affects Vesta Control Panel (VestaCP) up to version 0.9.8-26. It describes a command injection vulnerability in the schedule/backup Backup Listing Endpoint. The attacker must create a crafted filename on the server, demonstrated via an FTP session that renames a file (e.g., .bash_l...

9CVSS8.6AI score0.77261EPSS
Exploits7References5Affected Software1
Rows per page
Query Builder