VYPR

Vesta Control Panel

by Vestacp

CVEs (11)

  • CVE-2015-4117 | High | Feb 28, 2018
    risk 0.61 | cvss 8.8 | epss 0.11

    Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.

  • CVE-2018-10686 | Medium | May 6, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.

  • CVE-2019-12792 | Aug 15, 2019
    risk 0.01 | cvss | epss 0.05

    A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.

  • CVE-2022-3967 | Nov 13, 2022
    risk 0.00 | cvss | epss 0.00

    A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch…

  • CVE-2021-46850 | Oct 24, 2022
    risk 0.00 | cvss | epss 0.05

    myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the…

  • CVE-2020-10787 | Apr 21, 2020
    risk 0.00 | cvss | epss 0.03

    An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

  • CVE-2020-10786 | Apr 21, 2020
    risk 0.00 | cvss | epss 0.05

    A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

  • CVE-2019-12791 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.07

    A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.

  • CVE-2019-9841 | Apr 19, 2019
    risk 0.00 | cvss | epss 0.01

    Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.

  • CVE-2018-18547 | Oct 24, 2018
    risk 0.00 | cvss | epss 0.01

    Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.

  • CVE-2015-2861 | Jun 18, 2015
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.