HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2015-4117

CVSS 8.8v3.0pub. 2018-02-28upd. 2024-11-21

Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Vestacp Control Panel

    APP
    Vestacp
    < 0.9.8-14
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-46850HIGH7.2ten sam produkt

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command inj...

CVE-2021-30463HIGH7.8ten sam produkt

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack...

CVE-2019-12791HIGH8.8ten sam produkt

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote at...

CVE-2019-12792HIGH8.8ten sam produkt

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers...

CVE-2022-3967MEDIUM5.3ten sam produkt

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown fu...