Command injection

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

Vesta Control Panel 参数注入漏洞

Vesta Control Panel VestaCP is an open source web hosting control panel. A parameter injection vulnerability exists in Vesta Control Panel versions prior to 0.9.8-26-43 and Vesta Control Panel versions prior to 0.9.8-26, which stems from the fact that when it sends an HTTP POST request to the...

PT-2022-12942 · Unknown · Vesta Control Panel

Name of the Vulnerable Software and Affected Versions: myVesta Control Panel versions prior to 0.9.8-26-43 Vesta Control Panel versions prior to 0.9.8-26 Description: The issue allows an authenticated and remote administrative user to execute arbitrary commands. This can be achieved by sending HT...

VulnCheck KEV: CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...