PT-2021-17338 · Unknown · Hestia Control Panel
Kujoe +1 · Published 2021-02-16 · Updated 2021-06-03 · CVE-2021-27231
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Hestia Control Panel versions 1.3.5 and below
Description:
The issue allows remote authenticated users to create a subdomain for a different customer's domain name in a shared-hosting environment, leading to potential spoofing of services or email messages.
Recommendations:
For Hestia Control Panel versions 1.3.5 and below, consider restricting subdomain creation privileges to prevent unauthorized access to other customers' domain names until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
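While no fixed version is known, an operator can audit existing accounts for the condition described above: a name hosted under one account whose parent domain belongs to a different account. The following is an added example, not Hestia code; the inventory layout (account name mapped to its configured domains) and all function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample inventory: account -> domains configured under it.
# The layout is an assumption; export the real mapping from the panel.
SAMPLE_INVENTORY = {
    "alice": ["example.com", "shop.example.com"],
    "bob": ["Mail.Example.com.", "bob-site.net"],
    "carol": ["carol.org", "login.shop.example.com", "notexample.com"],
}


def normalize(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def parent_names(domain):
    """Yield every proper parent of a name: a.b.c -> b.c, then c."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[i:])


def find_cross_tenant_subdomains(inventory):
    """Return sorted (name, account, parent, parent_owner) tuples where a
    name sits under a parent domain configured by a different account."""
    owners = defaultdict(set)
    for account, domains in inventory.items():
        for d in domains:
            owners[normalize(d)].add(account)

    findings = []
    for account, domains in inventory.items():
        for d in domains:
            name = normalize(d)
            # Compare whole labels, so notexample.com never matches example.com.
            for parent in parent_names(name):
                for other in sorted(owners.get(parent, set()) - {account}):
                    findings.append((name, account, parent, other))
    return sorted(findings)


if __name__ == "__main__":
    for name, account, parent, owner in find_cross_tenant_subdomains(SAMPLE_INVENTORY):
        print(f"{name} (account {account}) is under {parent} (account {owner})")
```

Each finding needs manual review, since a customer may have legitimately delegated a subdomain to another account.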
Affected Products
Hestia Control Panel