VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HVestacp Control Panel
APPVestacp≤ 0.9.8-24
Related vulnerabilities
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command inj...
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote at...
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers...
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell ...
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown fu...