Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vesta Control Panel 参数注入漏洞
Vulnerability Description
Vesta Control Panel(VestaCP)是一个开源的虚拟主机控制面板。 Vesta Control Panel 0.9.8-26-43之前的版本和Vesta Control Panel 0.9.8-26之前的版本存在参数注入漏洞,该漏洞源于其在向/edit/server端点发送HTTP POST请求时,经过身份验证的远程管理用户可以通过v_sftp_license参数执行任意命令导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A