CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10787
https://notcve.org/view.php?id=CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script). Una elevación de privilegios en Vesta Control Panel versiones hasta la versión 0.9.8-26, permite a un atacante conseguir acceso al sistema root desde la cuenta de administrador por medio de v-change-user-password (también se conoce como script de cambio de contraseña de usuario). • https://gitlab.com/snippets/1954764 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10786
https://notcve.org/view.php?id=CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. Una ejecución de comando remota en Vesta Control Panel versiones hasta la versión 0.9.8-26, permite a cualquier usuario autentificado ejecutar comandos arbitrarios en el sistema por medio de trabajos cron. • https://gitlab.com/snippets/1954764 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10966
https://notcve.org/view.php?id=CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. En el Password Reset Module en VESTA Control Panel versiones hasta 0.9.8-25 y Hestia Control Panel versiones hasta 1.1.0, la manipulación del encabezado Host conlleva a la toma de control de la cuenta porque la víctima recibe un URL de restablecimiento que contiene un nombre de servidor controlado por el atacante. • https://github.com/hestiacp/hestiacp/issues/748 https://github.com/hestiacp/hestiacp/releases/tag/1.1.1 https://github.com/serghey-rodin/vesta/commit/c3c4de43d6701560f604ca7996f717b08e3d7d1d •
CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 3CVE-2020-10808 – Vesta Control Panel Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. Vesta Control Panel (VestaCP) versiones hasta 0.9.8-26, permite la inyección de comandos por medio del Backup Listing Endpoint de schedule/backup. El atacante debe ser capaz de crear un nombre de archivo diseñado en el servidor, como es demostrado mediante una sesión FTP que renombra .bash_logout a una subcadena .bash_logout' seguido por metacaracteres de shell. • http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html https://forum.vestacp.com/viewforum.php?f=25 https://github.com/rapid7/metasploit-framework/pull/13094 https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9859
https://notcve.org/view.php?id=CVE-2019-9859
Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. • https://ssd-disclosure.com/?p=3926 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •