Arbitrary Command Execution Vulnerability in Vesta Control Panel
CVE-2015-4117

8.8HIGH

Key Information:

Vendor

Vestacp

Status
Control Panel
Vendor
CVE Published:
28 February 2018

What is CVE-2015-4117?

The Vesta Control Panel, prior to version 0.9.8-14, is susceptible to an arbitrary command execution vulnerability. This issue arises when remote authenticated users exploit shell metacharacters in the 'backup' parameter of the list/backup/index.php script. Malicious users can leverage this flaw to execute arbitrary commands on the server, posing significant risks to data integrity and server security. It is crucial for users of affected versions to apply the latest updates and consult security advisories.

References

https://www.exploit-db.com/exploits/37369/
exploitx_refsource_EXPLOIT-DB
http://vestacp.com/roadmap/#history
x_refsource_CONFIRM
https://www.htbridge.com/advisory/HTB23261
x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.