CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Configurations

Configuration 1

cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*
cpe:2.3:a:vestacp:control_panel:*:*:*:*:*:*:*:*

Information

Published : 2020-03-25 11:15

Updated : 2022-07-12 05:42


NVD link : CVE-2020-10966

Mitre link : CVE-2020-10966

Products Affected