Filtered by vendor Vestacp
Subscribe
Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | |||||
CVE-2015-2861 | 1 Vestacp | 1 Vesta Control Panel | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. |