Arbitrary Command Execution in Vesta Control Panel (CVE-2021-12345)

Arbitrary Command Execution in Vesta Control Panel (CVE-2021-12345)

CVE-2015-4117 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.

Learn more about our User Device Pen Test.