Vestacp

Control Panel

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2018-25117

Exploit
  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 01:23:35
  • Zuletzt bearbeitet 16.10.2025 15:29:11

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to install...

7.8

CVE-2022-3967

  • EPSS 0.05%
  • Veröffentlicht 13.11.2022 08:15:15
  • Zuletzt bearbeitet 21.11.2024 07:20:38

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached l...

7.2

CVE-2021-46850

Exploit
  • EPSS 15.92%
  • Veröffentlicht 24.10.2022 14:15:50
  • Zuletzt bearbeitet 07.05.2025 15:15:52

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP PO...

7.8

CVE-2021-30463

Exploit
  • EPSS 0.06%
  • Veröffentlicht 08.04.2021 14:15:14
  • Zuletzt bearbeitet 21.11.2024 06:03:58

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be c...

6.5

CVE-2020-10966

Exploit
  • EPSS 0.51%
  • Veröffentlicht 25.03.2020 23:15:16
  • Zuletzt bearbeitet 21.11.2024 04:56:28

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

9

CVE-2019-12791

Exploit
  • EPSS 5.81%
  • Veröffentlicht 15.08.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:35

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.

9

CVE-2019-12792

Exploit
  • EPSS 8.26%
  • Veröffentlicht 15.08.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:35

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.

6.1

CVE-2019-9841

Exploit
  • EPSS 0.33%
  • Veröffentlicht 19.04.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:24

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.

6.1

CVE-2018-18547

Exploit
  • EPSS 0.23%
  • Veröffentlicht 24.10.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 03:56:07

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.

6.1

CVE-2018-10686

Exploit
  • EPSS 0.43%
  • Veröffentlicht 06.05.2018 05:29:00
  • Zuletzt bearbeitet 21.11.2024 03:41:51

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandl...