Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HVestacp Control Panel
APPVestacp< 0.9.8-14
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2021-46850HIGH7.2ten sam produkt
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command inj...
CVE-2021-30463HIGH7.8ten sam produkt
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack...
CVE-2019-12791HIGH8.8ten sam produkt
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote at...
CVE-2019-12792HIGH8.8ten sam produkt
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers...
CVE-2022-3967MEDIUM5.3ten sam produkt
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown fu...