vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
vestacp vesta control panel 0.9.8-24