Lucene search
K
VestacpControl Panel

10 matches found

CVE
CVE
added 2019/08/15 8:34 p.m.127 views

CVE-2019-12791

A vulnerability (CVE-2019-12791) affects Vesta Control Panel 0.9.8-24. The v-list-user script’s directory traversal allows a regular registered user to escalate to root via the password reset form. Impact is documented as a privilege escalation with potential full compromise of the host (root). T...

9CVSS8.8AI score0.06497EPSS
CVE
CVE
added 2019/08/15 8:39 p.m.122 views

CVE-2019-12792

CVE-2019-12792 describes a command injection vulnerability in the UploadHandler.php component of Vesta Control Panel 0.9.8-24 , allowing a logged-in regular user to escalate privileges to root. The connected Red Hat and OSV/NVD entries confirm the same description. The documents do not provide de...

9CVSS8.9AI score0.04859EPSS
CVE
CVE
added 2020/03/25 10:50 p.m.92 views

CVE-2020-10966

Summary (CVE-2020-10966): The vulnerability affects Vesta Control Panel and Hestia Control Panel Password Reset Module. Through versions VestaCP up to 0.9.8-25 (and Hestia up to 1.1.1), an attacker can manipulate the Host header to cause an account takeover, as the reset URL delivered to the vict...

6.5CVSS6.4AI score0.01853EPSS
CVE
CVE
added 2018/02/28 10:0 p.m.74 views

CVE-2015-4117

Vesta Control Panel prior to 0.9.8-14 is vulnerable to OS command injection in the backup parameter of /list/backup/index.php. An authenticated user can inject shell metacharacters to execute arbitrary commands with admin privileges, potentially compromising the entire panel. Remediation: upgrade...

8.8CVSS8.7AI score0.10818EPSS
Web
CVE
CVE
added 2022/10/24 12:0 a.m.71 views

CVE-2021-46850

CVE-2021-46850 affects myVesta Control Panel <0.9.8-26-43 and Vesta Control Panel

7.2CVSS7.5AI score0.05241EPSS
Web
CVE
CVE
added 2021/04/08 1:54 p.m.53 views

CVE-2021-30463

VestaCP

7.8CVSS7.8AI score0.00497EPSS
Web
CVE
CVE
added 2022/11/13 12:0 a.m.50 views

CVE-2022-3967

CVE-2022-3967 affects Vesta Control Panel, specifically the sed Handler component in func/main.sh. The vulnerability enables argument injection and requires local access to exploit. Patch 39561c32c12cabe563de48cc96eccb9e2c655e25 is identified as the fix; apply it to mitigate. Other details in con...

7.8CVSS6.7AI score0.00221EPSS
CVE
CVE
added 2018/10/24 9:0 p.m.48 views

CVE-2018-18547

Vesta Control Panel (VestaCP) up to version 0.9.8-22 is affected by a cross-site scripting (XSS) vulnerability. The issue arises from unsanitized input in multiple endpoints (edit/web/?domain=, list/backup/?backup=, list/rrd/?period=, list/directory/?dir_a=, and list/directory/ URIs), allowing an...

6.1CVSS6AI score0.01058EPSS
Web
CVE
CVE
added 2018/05/06 5:0 a.m.45 views

CVE-2018-10686

Vesta Control Panel 0.9.8-20 is affected by a Reflected XSS vulnerability in the view/file/index.php path, exploitable via the $_REQUEST['path'] parameter. The issue can lead to remote PHP code execution through a file_put_contents call in web/upload/UploadHandler.php. This vulnerability is surfa...

6.1CVSS6.3AI score0.01273EPSS
Web
CVE
CVE
added 2019/04/19 6:34 p.m.39 views

CVE-2019-9841

CVE-2019-9841 affects Vesta Control Panel 0.9.8-23 and is a reflected/URL-based cross-site scripting vulnerability disclosed by multiple sources (NVD, OSV, CVE List). The issue is triggered by a crafted URL that leads to XSS in the product’s web interface (notably via the file-manager API per lin...

6.1CVSS5.8AI score0.01324EPSS