Security Advisory

CVE-2020-10808

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-22 16:07:34

Last updated 2024-08-04 11:14:15

Assigner mitre

State PUBLISHED

Description

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout substring followed by shell metacharacters.

← Browse all CVEs View on cve.org ↗