Vulmon
vestacp vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-46850
myVesta Control Panel prior to 0.9.8-26-43 and Vesta Control Panel prior to 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/s...
Vestacp Control Panel
Vestacp Vesta Control Panel
7.8
CVSSv3
CVE-2022-3967
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch ...
Vestacp Control Panel
8.8
CVSSv3
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
Vestacp Control Panel
1 EDB exploit
6.1
CVSSv3
CVE-2018-18547
Vesta Control Panel up to and including 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
Vestacp Control Panel
8.8
CVSSv3
CVE-2020-10787
An elevation of privilege in Vesta Control Panel up to and including 0.9.8-26 allows a malicious user to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10786
A remote command execution in Vesta Control Panel up to and including 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2020-10808
Vesta Control Panel (VestaCP) up to and including 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout...
Vestacp Vesta Control Panel
8.8
CVSSv3
CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 up to and including 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP exe...
Vestacp Vesta Control Panel
7.2
CVSSv3
CVE-2021-30462
VestaCP up to and including 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.
Vestacp Vesta Control Panel
NA
CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel prior to 0.9.8-14 allows remote malicious users to hijack the authentication of arbitrary users.
Vestacp Vesta Control Panel