Arbitrary Package Installation Vulnerability in HestiaCP

Arbitrary Package Installation Vulnerability in HestiaCP

CVE-2021-30070 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.

Learn more about our Web Application Penetration Testing UK.