First published: Mon Mar 15 2021
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Myvestacp Myvesta | <=0.9.8-26-39 | |
Vestacp Vesta Control Panel | <=0.9.8-27 | |
The severity of CVE-2021-28379 is high with a CVSS score of 8.8.
CVE-2021-28379 is a vulnerability in Vesta Control Panel (VestaCP) and myVesta that allows uploads from a different origin.
CVE-2021-28379 allows uploads from a different origin, which can lead to unauthorized file uploads and potential security breaches in Vesta Control Panel (VestaCP) and myVesta.
To fix CVE-2021-28379, update Vesta Control Panel (VestaCP) to version 0.9.8-27 or myVesta to version 0.9.8-26-39, as appropriate.
References for CVE-2021-28379: the [Packet Storm advisory](http://packetstormsecurity.com/files/161836/VestaCP-0.9.8-Cross-Site-Request-Forgery.html) and the [myVesta commit](https://github.com/myvesta/vesta/commit/3402071e950e76b79fa8672a1e09b70d3860f355).