Control Panel Security Vulnerabilities and Issues — Control Panel CVE List

Lucene search

VestacpControl Panel

10 matches found

CVE•added 2019/08/15 9:15 p.m.•112 views

CVE-2019-12791

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.

9CVSS8.8AI score0.06102EPSS

CVE•added 2019/08/15 9:15 p.m.•111 views

CVE-2019-12792

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.

9CVSS8.9AI score0.08652EPSS

CVE•added 2020/03/25 11:15 p.m.•71 views

CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

6.5CVSS6.4AI score0.00505EPSS

CVE•added 2022/10/24 2:15 p.m.•56 views

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

7.2CVSS7.5AI score0.18623EPSS

CVE•added 2018/02/28 10:29 p.m.•50 views

CVE-2015-4117

Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.

8.8CVSS8.7AI score0.07863EPSS

CVE•added 2021/04/08 2:15 p.m.•39 views

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&co...

7.8CVSS7.8AI score0.00056EPSS

CVE•added 2022/11/13 8:15 a.m.•39 views

CVE-2022-3967

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe5...

7.8CVSS6.7AI score0.00032EPSS

CVE•added 2018/10/24 9:29 p.m.•37 views

CVE-2018-18547

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.

6.1CVSS6AI score0.00234EPSS

CVE•added 2018/05/06 5:29 a.m.•31 views

CVE-2018-10686

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.

6.1CVSS6.3AI score0.00427EPSS

CVE•added 2019/04/19 7:29 p.m.•29 views

CVE-2019-9841

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.

6.1CVSS5.8AI score0.00397EPSS