Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vesta Control Panel Link Following Vulnerability
Vulnerability Description
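Vesta Control Panel (VestaCP) is an open-source web hosting control panel. Vesta Control Panel 0.9.8-24 and earlier versions contain a security vulnerability that attackers can exploit to gain privileges by creating symbolic links to files for which they lack permissions.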
CVSS Information
N/A
Vulnerability Type
N/A