Vesta Control Panel Security Vulnerabilities - 2020


CVE-2019-9859

Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the ...

CVSS: 8.8
AI Score: 8.9
EPSS: 0.002

2020-03-10 01:15 PM

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

CVSS: 8.8
AI Score: 9
EPSS: 0.003

2020-04-21 05:15 PM

CVE-2020-10787

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

CVSS: 8.8
AI Score: 8.8
EPSS: 0.001

2020-04-21 05:15 PM

CVE-2020-10808

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell m...

CVSS: 8.8
AI Score: 8.6
EPSS: 0.971

2020-03-22 05:15 PM