First published: Mon Oct 24 2022
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vestacp Control Panel | <0.9.8-26-43 | |
Vestacp Vesta Control Panel | <0.9.8-26 | |
The vulnerability ID for this vulnerability is CVE-2021-46850.
The severity of CVE-2021-46850 is high with a severity value of 7.2.
Versions of myVesta Control Panel before 0.9.8-26-43 are affected by CVE-2021-46850.
Versions of Vesta Control Panel before 0.9.8-26 are affected by CVE-2021-46850.
The vulnerability in myVesta Control Panel and Vesta Control Panel manifests as a command injection vulnerability.