Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vestacp control panel vulnerabilities and exploits
(subscribe to this query)
802
VMScore
CVE-2020-10787
An elevation of privilege in Vesta Control Panel up to and including 0.9.8-26 allows an malicious user to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Vestacp Vesta Control Panel
801
VMScore
CVE-2020-10808
Vesta Control Panel (VestaCP) up to and including 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout...
Vestacp Vesta Control Panel
383
VMScore
CVE-2019-9841
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
Vestacp Control Panel 0.9.8-23
801
VMScore
CVE-2019-12791
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote malicious users to escalate from regular registered users to root via the password reset form.
Vestacp Control Panel 0.9.8-24
801
VMScore
CVE-2019-12792
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote malicious users to escalate from regular registered users to root.
Vestacp Control Panel 0.9.8-24
383
VMScore
CVE-2018-10686
An issue exists in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
Vestacp Control Panel 0.9.8-20
668
VMScore
CVE-2021-43693
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
Vestacp Vesta Control Panel 0.9.8-24
NA
CVE-2022-36303
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
NA
CVE-2022-36304
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
NA
CVE-2022-36305
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »