PT-2022-12942 · Unknown · Vesta Control Panel

Published: 2022-10-24 · Updated: 2023-08-08 · CVE-2021-46850

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

myVesta Control Panel versions prior to 0.9.8-26-43
Vesta Control Panel versions prior to 0.9.8-26

Description

The issue allows an authenticated and remote administrative user to execute arbitrary commands. This can be achieved by sending HTTP POST requests to the "/edit/server" endpoint and exploiting the v_sftp_license parameter.

Recommendations

For myVesta Control Panel versions prior to 0.9.8-26-43, update to version 0.9.8-26-43 or later.
For Vesta Control Panel versions prior to 0.9.8-26, update to version 0.9.8-26 or later.

Exploit

Fix

Argument Injection

Weakness Enumeration

Related Identifiers: CVE-2021-46850

Affected Products: Vesta Control Panel