Description
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
References
- Exploit, Technical Description, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
Version before 0.9.8-26-43 (excluding)
Version before 0.9.8-26 (excluding)
One of
cpe:2.3:a:vestacp:control_panel:*:*:*:*:*:*:*:*
cpe:2.3:a:vestacp:vesta_control_panel:*:*:*:*:*:*:*:*
EPSS
Percentile: 95%
0.15924
Medium
7.2 High
CVSS3
Weaknesses
CWE-88
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.