Latest vestacp vesta control panel Vulnerabilities

CVE-2021-46850
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via...
Vestacp Control Panel<0.9.8-26-43
Vestacp Vesta Control Panel<0.9.8-26
CVE-2022-36305
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel=1.0.0-5
CVE-2022-36304
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel=1.0.0-5
CVE-2022-36303
Vestacp Vesta Control Panel=1.0.0-5
CVE-2021-43693
Vestacp Vesta Control Panel=0.9.8-24
CVE-2021-28379
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
Myvestacp Myvesta<=0.9.8-26-39
Vestacp Vesta Control Panel<=0.9.8-27
CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Vestacp Vesta Control Panel<=0.9.8-26
CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.
Vestacp Vesta Control Panel<=0.9.8-26
CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demons...
Vestacp Vesta Control Panel<=0.9.8-26
CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the fronten...
Vestacp Vesta Control Panel>=0.9.7-0<=0.9.8-23
CVE-2018-1000884
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Passwor...
Vestacp Vesta Control Panel<0.9.8-18

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203