CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10786
https://notcve.org/view.php?id=CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. Una ejecución de comando remota en Vesta Control Panel versiones hasta la versión 0.9.8-26, permite a cualquier usuario autentificado ejecutar comandos arbitrarios en el sistema por medio de trabajos cron. • https://gitlab.com/snippets/1954764 • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 3CVE-2020-10808 – Vesta Control Panel Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. Vesta Control Panel (VestaCP) versiones hasta 0.9.8-26, permite la inyección de comandos por medio del Backup Listing Endpoint de schedule/backup. El atacante debe ser capaz de crear un nombre de archivo diseñado en el servidor, como es demostrado mediante una sesión FTP que renombra .bash_logout a una subcadena .bash_logout' seguido por metacaracteres de shell. • http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html https://forum.vestacp.com/viewforum.php?f=25 https://github.com/rapid7/metasploit-framework/pull/13094 https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9859
https://notcve.org/view.php?id=CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. • https://ssd-disclosure.com/?p=3926 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000884
https://notcve.org/view.php?id=CVE-2018-1000884
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19. Vesta CP, en versiones anteriores al commit con ID f6f6f9cfbbf2979e301956d1c6ab5c44386822c0, en cualquier versión anterior a la 0.9.8-18, contiene una vulnerabilidad CWE-208 / Exposición de información mediante una discrepancia en la temporización en el código de restablecimiento de la contraseña (web/reset/index.php, línea 51) que puede resultar en la posibilidad de determinar códigos de restablecimiento de contraseñas, haciendo que un atacante pueda cambiar la contraseña del administrador. Este ataque parece ser explotable mediante conectividad a una red no autenticada. • https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227 • CWE-203: Observable Discrepancy •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2861
https://notcve.org/view.php?id=CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en Vesta Control Panel anterior a 0.9.8-14 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://vestacp.com/roadmap/#history http://www.kb.cert.org/vuls/id/842780 http://www.securityfocus.com/bid/75215 https://github.com/serghey-rodin/vesta/commit/527e4a9a62204be9b34c1338fadfe959b0fd3974 • CWE-352: Cross-Site Request Forgery (CSRF) •