Known Vulnerabilities for Vesta Control Panel by Vestacp
Listed below are 10 of the newest known vulnerabilities associated with "Vesta Control Panel" by "Vestacp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-36305 json | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/uplo... | 6.1 - MEDIUM | 2022-07-19 | 2022-07-25 |
| CVE-2022-36304 json | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /we... | 6.1 - MEDIUM | 2022-07-19 | 2022-07-25 |
| CVE-2022-36303 json | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /w... | 6.1 - MEDIUM | 2022-07-19 | 2022-07-25 |
| CVE-2022-34025 json | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/uplo... | 6.1 - MEDIUM | 2022-07-19 | 2022-07-25 |
| CVE-2021-46850 json | myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An auth... | 7.2 - HIGH | 2022-10-24 | 2023-08-08 |
| CVE-2021-43693 json | vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. | 9.8 - CRITICAL | 2021-11-29 | 2021-11-30 |
| CVE-2021-30462 json | VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require... | 7.2 - HIGH | 2021-04-08 | 2022-07-12 |
| CVE-2021-28379 json | web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows upl... | 8.8 - HIGH | 2021-03-15 | 2021-03-19 |
| CVE-2020-10808 json | Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The ... | 8.8 - HIGH | 2020-03-22 | 2023-02-03 |
| CVE-2020-10787 json | An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admi... | 8.8 - HIGH | 2020-04-21 | 2021-07-21 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vestacp | Vesta Control Panel | 0.9.8-9 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-8 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-7 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-6 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-5 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-4 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-3 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-26 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-24 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-23 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-22 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-21 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-20 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-2 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-19 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-18 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-17 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-16 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-15 | |||
| Application | Vestacp | Vesta Control Panel | 0.9.8-14 |