HIGH🇵🇱 Wersja polska

CVE-2019-12791

CVSS 8.8v3.0pub. 2019-08-15upd. 2024-11-21

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Vestacp Control Panel

    APP
    Vestacp
    0.9.8-24
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2021-46850HIGH7.2ten sam produkt

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command inj...

CVE-2021-30463HIGH7.8ten sam produkt

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack...

CVE-2019-12792HIGH8.8ten sam produkt

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers...

CVE-2015-4117HIGH8.8ten sam produkt

Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell ...

CVE-2022-3967MEDIUM5.3ten sam produkt

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown fu...