Vesta Control Panel Security Vulnerabilities and Issues — Vesta Control Panel CVE List

Lucene search

VestacpVesta Control Panel

4 matches found

CVE•added 2020/03/22 5:15 p.m.•208 views

CVE-2020-10808

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell m...

9CVSS8.6AI score0.86469EPSS

CVE•added 2020/03/10 1:15 p.m.•44 views

CVE-2019-9859

Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the ...

9CVSS8.9AI score0.00803EPSS

CVE•added 2020/04/21 5:15 p.m.•43 views

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

9CVSS9AI score0.03273EPSS

CVE•added 2020/04/21 5:15 p.m.•32 views

CVE-2020-10787

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

9CVSS8.8AI score0.00448EPSS