CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 3CVE-2020-10808 – Vesta Control Panel Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. Vesta Control Panel (VestaCP) versiones hasta 0.9.8-26, permite la inyección de comandos por medio del Backup Listing Endpoint de schedule/backup. El atacante debe ser capaz de crear un nombre de archivo diseñado en el servidor, como es demostrado mediante una sesión FTP que renombra .bash_logout a una subcadena .bash_logout' seguido por metacaracteres de shell. • http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html https://forum.vestacp.com/viewforum.php?f=25 https://github.com/rapid7/metasploit-framework/pull/13094 https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9859
https://notcve.org/view.php?id=CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. • https://ssd-disclosure.com/?p=3926 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2861
https://notcve.org/view.php?id=CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en Vesta Control Panel anterior a 0.9.8-14 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://vestacp.com/roadmap/#history http://www.kb.cert.org/vuls/id/842780 http://www.securityfocus.com/bid/75215 https://github.com/serghey-rodin/vesta/commit/527e4a9a62204be9b34c1338fadfe959b0fd3974 • CWE-352: Cross-Site Request Forgery (CSRF) •