• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

control_panel

CVE-2018-18547

February 26, 2023 by

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.

CVE-2018-10686

February 26, 2023 by

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST[‘path’] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.

CVE-2020-10966

February 26, 2023 by

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

CVE-2019-9841

February 26, 2023 by

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.

CVE-2019-12791

February 26, 2023 by

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.

CVE-2019-12792

February 26, 2023 by

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE