Vestacp

vestacp

23 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Vesta Control Panel

vesta_control_panel

CVEs (23)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10686 1Vestacp 1Control Panel Nov 21, 2024 May 6, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents...Show more An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.Show less
CVE-2015-4117 1Vestacp 1Control Panel Nov 21, 2024 Feb 28, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
CVE-2015-2861 1Vestacp 1Vesta Control Panel May 6, 2026 Jun 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.