A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HVestacp Control Panel
APPVestacp0.9.8-24
Related vulnerabilities
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command inj...
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack...
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers...
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell ...
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown fu...