ГлавнаяУязвимости → CVE-2021-47871
8.8высокая

CVE-2021-47871

Описание

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/hestiacp/hestiacphttps://hestiacp.com/https://www.exploit-db.com/exploits/49667https://www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-write