Vulmon
vesta control panel vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-46850
myVesta Control Panel prior to 0.9.8-26-43 and Vesta Control Panel prior to 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/s...
Vestacp Control Panel
Vestacp Vesta Control Panel
NA
CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel prior to 0.9.8-14 allows remote malicious users to hijack the authentication of arbitrary users.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10808
Vesta Control Panel (VestaCP) up to and including 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout...
Vestacp Vesta Control Panel
7.2
CVSSv3
CVE-2021-30462
VestaCP up to and including 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10786
A remote command execution in Vesta Control Panel up to and including 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10787
An elevation of privilege in Vesta Control Panel up to and including 0.9.8-26 allows a malicious user to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 up to and including 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP exe...
Vestacp Vesta Control Panel
9.8
CVSSv3
CVE-2018-1000884
Vesta CP version prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release before 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in password reset code -- web/reset/index.php, line 51 that can result in Possible to determ...
Vestacp Vesta Control Panel
6.1
CVSSv3
CVE-2022-34025
Vesta v1.0.0-5 contains a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
8.8
CVSSv3
CVE-2021-28379
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) up to and including 0.9.8-27 and myVesta up to and including 0.9.8-26-39 allows uploads from a different origin.
Myvestacp Myvesta
Vestacp Vesta Control Panel