Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2021-46850

Published: 24/10/2022 Updated: 08/08/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Vestacp

Vulnerability Summary

myVesta Control Panel prior to 0.9.8-26-43 and Vesta Control Panel prior to 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vestacp control panel

vestacp vesta control panel

References

CWE-88https://github.com/myvesta/vesta/releases/tag/0.9.8-26-43https://www.exploit-db.com/exploits/49674https://github.com/myvesta/vesta/commit/7991753ab7c5c568768028fb77554db8ea149f17https://github.com/serghey-rodin/vesta/commit/a4e4542a6d1351c2857b169f8621dd9a13a2e896https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook