Cross-Origin File Upload Vulnerability in Vesta Control Panel (VestaCP) and myVesta

Cross-Origin File Upload Vulnerability in Vesta Control Panel (VestaCP) and myVesta

CVE-2021-28379 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.

Learn more about our Web Application Penetration Testing UK.