CVE-2021-46850

High

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and…

mitre·CWE-88·Published 2022-10-24

CVSS

7.2

EPSS

0.05

KEV

Exploits

cve.orgen

291 chars

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

NVDen

291 chars

NVDes

337 chars

myVesta Control Panel versiones anteriores a 0.9.8-26-43 y Vesta Control Panel versiones anteriores a 0.9.8-26, son vulnerables a una inyección de comandos. Un usuario administrativo autenticado y remoto puede ejecutar comandos arbitrarios por medio del parámetro v_sftp_license cuando envía peticiones HTTP POST al endpoint /edit/server

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.2	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H