漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Hestia Control Panel 1.3.2 - Arbitrary File Write
Vulnerability Description
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Hestia Control Panel 安全漏洞
Vulnerability Description
Hestia Control Panel是Hestia Control Panel开源的一款主机控制面板。 Hestia Control Panel 1.3.2版本存在安全漏洞,该漏洞源于API index.php端点存在任意文件写入,可能导致经过身份验证的攻击者写入文件。
CVSS Information
N/A
Vulnerability Type
N/A