Vesta Control Panel@0.9.8-26 Security Vulnerabilities and Issues — Vesta Control Panel@0.9.8-26 CVE List

Lucene search

VestacpVesta Control Panel0.9.8-26

3 matches found

CVE•added 2020/03/22 5:15 p.m.•212 views

CVE-2020-10808

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell m...

9CVSS8.6AI score0.86469EPSS

CVE•added 2020/04/21 5:15 p.m.•45 views

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

9CVSS9AI score0.03273EPSS

CVE•added 2020/04/21 5:15 p.m.•34 views

CVE-2020-10787

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

9CVSS8.8AI score0.00448EPSS