CVE-2015-4117

Name of the Vulnerable Software and Affected Versions Vesta Control Panel versions prior to 0.9.8-14

Description The issue allows remote authenticated users to execute arbitrary commands. This is achieved by using shell metacharacters in the backup parameter to the "/list/backup/index.php" API endpoint.

Recommendations For versions prior to 0.9.8-14, update to version 0.9.8-14 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/list/backup/index.php" endpoint until the update is applied. Avoid using the backup parameter in the affected endpoint until the issue is resolved.