5 matches found
CVE-2020-10808
Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...
Vesta Control Panel Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits an authenticated command injection vulnerabilit...
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. This module requires Metasploit: https://metasploit.com/download Current source:...
Vesta Control Panel Authenticated Remote Code Execution
This module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2020-10808
CVE-2020-10808 affects Vesta Control Panel (VestaCP) up to version 0.9.8-26. It describes a command injection vulnerability in the schedule/backup Backup Listing Endpoint. The attacker must create a crafted filename on the server, demonstrated via an FTP session that renames a file (e.g., .bash_l...