10 matches found
CVE-2019-12791
A vulnerability (CVE-2019-12791) affects Vesta Control Panel 0.9.8-24. The v-list-user script’s directory traversal allows a regular registered user to escalate to root via the password reset form. Impact is documented as a privilege escalation with potential full compromise of the host (root). T...
CVE-2019-12792
CVE-2019-12792 describes a command injection vulnerability in the UploadHandler.php component of Vesta Control Panel 0.9.8-24 , allowing a logged-in regular user to escalate privileges to root. The connected Red Hat and OSV/NVD entries confirm the same description. The documents do not provide de...
CVE-2020-10966
Summary (CVE-2020-10966): The vulnerability affects Vesta Control Panel and Hestia Control Panel Password Reset Module. Through versions VestaCP up to 0.9.8-25 (and Hestia up to 1.1.1), an attacker can manipulate the Host header to cause an account takeover, as the reset URL delivered to the vict...
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 is vulnerable to OS command injection in the backup parameter of /list/backup/index.php. An authenticated user can inject shell metacharacters to execute arbitrary commands with admin privileges, potentially compromising the entire panel. Remediation: upgrade...
CVE-2021-46850
CVE-2021-46850 affects myVesta Control Panel <0.9.8-26-43 and Vesta Control Panel
CVE-2021-30463
VestaCP
CVE-2022-3967
CVE-2022-3967 affects Vesta Control Panel, specifically the sed Handler component in func/main.sh. The vulnerability enables argument injection and requires local access to exploit. Patch 39561c32c12cabe563de48cc96eccb9e2c655e25 is identified as the fix; apply it to mitigate. Other details in con...
CVE-2018-18547
Vesta Control Panel (VestaCP) up to version 0.9.8-22 is affected by a cross-site scripting (XSS) vulnerability. The issue arises from unsanitized input in multiple endpoints (edit/web/?domain=, list/backup/?backup=, list/rrd/?period=, list/directory/?dir_a=, and list/directory/ URIs), allowing an...
CVE-2018-10686
Vesta Control Panel 0.9.8-20 is affected by a Reflected XSS vulnerability in the view/file/index.php path, exploitable via the $_REQUEST['path'] parameter. The issue can lead to remote PHP code execution through a file_put_contents call in web/upload/UploadHandler.php. This vulnerability is surfa...
CVE-2019-9841
CVE-2019-9841 affects Vesta Control Panel 0.9.8-23 and is a reflected/URL-based cross-site scripting vulnerability disclosed by multiple sources (NVD, OSV, CVE List). The issue is triggered by a crafted URL that leads to XSS in the product’s web interface (notably via the file-manager API per lin...