Every CVE whose affected-product data names Vestacp Control Panel, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2019-12791 — CVSS 8.8 (high): A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from…
CVE-2019-12792 — CVSS 8.8 (high): A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular…
CVE-2015-4117 — CVSS 8.8 (high): Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup…
CVE-2021-30463 — CVSS 7.8 (high): VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading…
CVE-2021-46850 — CVSS 7.2 (high): myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and…
CVE-2020-10966 — CVSS 6.5 (medium): In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads…
CVE-2018-10686 — CVSS 6.1 (medium): An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which…
CVE-2018-18547 — CVSS 6.1 (medium): Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period…
CVE-2022-3967 — CVSS 5.3 (medium): A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file…