PT-2018-10053 · Vesta · Vesta Control Panel

R0Xen · Published 2018-05-06 · Updated 2018-06-12 · CVE-2018-10686

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Vesta Control Panel version 0.9.8-20

Description: An issue was discovered that allows reflected XSS via the path variable in the view/file/index.php URI. This can potentially lead to remote PHP code execution through vectors involving a file_put_contents call in web/upload/UploadHandler.php.

Recommendations: For Vesta Control Panel version 0.9.8-20, consider restricting access to the view/file/index.php URI and limiting the use of the file_put_contents function in web/upload/UploadHandler.php to minimize the risk of exploitation. Additionally, validate and sanitize the path variable to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
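As an added example that is not Vesta's own code, the following PHP shows the hardening the recommendations describe for a file-view endpoint driven by a path parameter: the value is canonicalised against an allowed base directory before it touches the filesystem, and it is HTML-escaped before it is reflected into the response. BASE_DIR, the function names and the HTML skeleton are assumptions for illustration.

```php
<?php
// Hypothetical hardened file-view handler (not Vesta's code).
// Covers the two risks named in the advisory: reflecting the raw "path"
// parameter into HTML, and using it unchecked to reach the filesystem.
declare(strict_types=1);

const BASE_DIR = '/home/example/web'; // assumed allowed root (constructed)

// Resolve the user-supplied path under $base and refuse anything that
// canonicalises outside it; realpath() resolves both ".." and symlinks.
function resolve_allowed_path(string $base, string $userPath): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    $candidate = realpath($baseReal . '/' . ltrim($userPath, '/'));
    if ($candidate === false) {
        return null;
    }
    // Accept only paths strictly inside the base directory.
    if ($candidate === $baseReal
        || strpos($candidate, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

// Escape for an HTML text or attribute context; never echo $_GET raw.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$path = isset($_GET['path']) ? (string) $_GET['path'] : '';
$resolved = resolve_allowed_path(BASE_DIR, $path);

header('Content-Type: text/html; charset=UTF-8');
// Defence in depth: an inline script that slips past encoding is blocked.
header("Content-Security-Policy: default-src 'self'");

if ($resolved === null || !is_file($resolved)) {
    http_response_code(404);
    // The reflected value is encoded, so markup in $path is rendered inert.
    echo '<p>File not found: ' . h($path) . '</p>';
    exit;
}

echo '<h1>' . h(basename($resolved)) . '</h1>';
echo '<pre>' . h((string) file_get_contents($resolved)) . '</pre>';
```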

Exploit

XSS


Weakness Enumeration

Related identifiers

CVE-2018-10686

Affected products

Vesta Control Panel