Cyrus-And

**Name of the Vulnerable Software and Affected Versions** Vesta Control Panel version 0.9.8-24 **Description** A directory traversal issue in the v-list-user script allows remote attackers to escalate privileges from regular registered users to root via the password reset form. **Recommendations** For Vesta Control Panel version 0.9.8-24, consider restricting access to the password reset form until a patch is available. As a temporary workaround, disabling the password reset functionality for regular registered users may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vesta Control Panel version 0.9.8-24 **Description** A command injection issue in the UploadHandler.php file allows remote attackers to escalate privileges from regular registered users to root. **Recommendations** For Vesta Control Panel version 0.9.8-24, consider restricting access to the UploadHandler.php file until a patch is available.