vestacp vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-46850
myVesta Control Panel prior to 0.9.8-26-43 and Vesta Control Panel prior to 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/s...
Vestacp Control Panel
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
Vestacp Control Panel
1 EDB exploit
7.8
CVSSv3
CVE-2022-3967
A vulnerability classified as critical was found in Vesta Control Panel. It affects an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. The attack requires local access. The name of the patch ...
Vestacp Control Panel
6.1
CVSSv3
CVE-2018-18547
Vesta Control Panel up to and including 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
Vestacp Control Panel
9.8
CVSSv3
CVE-2018-1000884
Vesta CP prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 (any release before 0.9.8-18) contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in the password reset code (web/reset/index.php, line 51) that can result in Possible to determ...
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 up to and including 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP exe...
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10786
A remote command execution in Vesta Control Panel up to and including 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10787
An elevation of privilege in Vesta Control Panel up to and including 0.9.8-26 allows a malicious user to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Vestacp Vesta Control Panel
NA
CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel prior to 0.9.8-14 allows remote malicious users to hijack the authentication of arbitrary users.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10808
Vesta Control Panel (VestaCP) up to and including 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout...
Vestacp Vesta Control Panel