PT-2019-12945 · Vesta · Vesta Control Panel
Cyrus-And
·
Publicado
2019-08-15
·
Atualizado
2019-08-28
·
CVE-2019-12791
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Vesta Control Panel version 0.9.8-24
Description
A directory traversal issue in the v-list-user script allows remote attackers to escalate privileges from regular registered users to root via the password reset form.
Recommendations
For Vesta Control Panel version 0.9.8-24, consider restricting access to the password reset form until a patch is available. As a temporary workaround, disabling the password reset functionality for regular registered users may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vesta Control Panel