CVE-2021-28379: Malicious File Upload
First published: Mon Mar 15 2021(Updated: )
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Myvestacp Myvesta | <=0.9.8-26-39 | |
| Vestacp Vesta Control Panel | <=0.9.8-27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-28379?
The severity of CVE-2021-28379 is high with a CVSS score of 8.8.
What is CVE-2021-28379?
CVE-2021-28379 is a vulnerability in Vesta Control Panel (VestaCP) and myVesta that allows uploads from a different origin.
How does CVE-2021-28379 impact Vesta Control Panel (VestaCP) and myVesta?
CVE-2021-28379 allows uploads from a different origin, which can lead to unauthorized file uploads and potential security breaches in Vesta Control Panel (VestaCP) and myVesta.
How can I fix CVE-2021-28379?
To fix CVE-2021-28379, update Vesta Control Panel (VestaCP) to version 0.9.8-27 or myVesta to version 0.9.8-26-39, as appropriate.
Are there any references for CVE-2021-28379?
Yes, you can find references for CVE-2021-28379 at the following links: [Reference 1](http://packetstormsecurity.com/files/161836/VestaCP-0.9.8-Cross-Site-Request-Forgery.html) and [Reference 2](https://github.com/myvesta/vesta/commit/3402071e950e76b79fa8672a1e09b70d3860f355).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/myvestacp
- canonical/myvestacp myvesta
- version/myvestacp myvesta/0.9.8-26-39
- vendor/vestacp
- canonical/vestacp vesta control panel
- version/vestacp vesta control panel/0.9.8-27