Cross-Origin File Upload Vulnerability in Vesta Control Panel (VestaCP) and myVesta
CVE-2021-28379 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
Learn more about our Web Application Penetration Testing UK.