CVE-2019-12792

Опубликовано: 15 авг. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.

Ссылки

https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler/
Exploit
Third Party Advisory
https://github.com/serghey-rodin/vesta/issues/1921
Third Party Advisory
https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler/
Exploit
Third Party Advisory
https://github.com/serghey-rodin/vesta/issues/1921
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vestacp:control_panel:0.9.8-24:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08257

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-m5c2-xqg6-3892