
13 matches found

EUVD • added yesterday • 5 views

EUVD-2026-41665

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takeover of the admin user in myVest...

CVSS 8.5 • AI score 6.7
Exploits 0 • References 2

RedhatCVE • added 2026/01/09 11:24 a.m. • 5 views

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...

CVSS 8.8 • AI score 6.9 • EPSS 0.06033
Exploits 4 • References 1

OSV • added 2022/10/24 2:15 p.m. • 19 views

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

CVSS 7.2 • AI score 8.1
Exploits 0 • References 5

Prion • added 2022/10/24 2:15 p.m. • 18 views

Command injection

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

CVSS 5.8 • AI score 7.6 • EPSS 0.05241
Exploits 1 • References 5 • Affected Software 2

Vulnrichment • added 2022/10/24 12:0 a.m. • 6 views

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...

AI score 7.6 • EPSS 0.05241
Exploits 1 • References 5

CVE • added 2022/10/24 12:0 a.m. • 67 views

CVE-2021-46850

CVE-2021-46850 affects myVesta Control Panel <0.9.8-26-43 and Vesta Control Panel

CVSS 7.2 • AI score 7.5 • EPSS 0.05241
Exploits 1 • References 5 • Affected Software 2

Huntr • added 2021/08/24 2:15 p.m. • 7 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to rename any file on the server if logged in user visits attacker website. 🕵️‍♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt renames to test.php. //PoC.html history.pushState'',...

AI score 1.2
Exploits 0 • References 1

Huntr • added 2021/08/24 2:3 p.m. • 9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download error log and potentially sensitive information leakage. 🕵️‍♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that you...

AI score 0.6
Exploits 0 • References 1

Huntr • added 2021/08/24 2:0 p.m. • 6 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to "delete" an element from favorite. This vulnerability happens on some sections. For example on “Firewall” tab list/firewall/ 🕵️‍♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check unintentionally first record deletes from...

AI score 0.8
Exploits 0 • References 1

Huntr • added 2021/08/24 1:56 p.m. • 9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to add an element to favorite. This vulnerability happens on some sections. For example on “Firewall” tab list/firewall/ 🕵️‍♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check unintentionally first record saves as favorite...

AI score 0.7
Exploits 0 • References 1

Huntr • added 2021/08/24 1:46 p.m. • 9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to logout user if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check unintentionally you logged out history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...

AI score 1.6
Exploits 0 • References 1

NVD • added 2021/03/15 6:15 a.m. • 22 views

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...

CVSS 8.8 • EPSS 0.06033
Exploits 4 • References 2

CVE • added 2021/03/15 5:56 a.m. • 133 views

CVE-2021-28379

CVE-2021-28379 affects Vesta Control Panel (VestaCP) and myVesta up to versions 0.9.8-27 / 0.9.8-26-39, where web/upload/UploadHandler.php does not enforce origin checks, allowing cross-origin file uploads. The vulnerability is described as a CSRF-style/file upload issue that can enable uploading...

CVSS 8.8 • AI score 8.6 • EPSS 0.06033
Exploits 4 • References 2 • Affected Software 2