Vulnerabilities > CVE-2020-10966

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

hestiacp

vestacp

NVD

Published: 2020-03-25

Updated: 2022-07-12

Summary

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

Vulnerable Configurations

Part	Description	Count
Application	Hestiacp Hestiacp Control Panel - Hestiacp Control Panel 0.9.8-28 Hestiacp Control Panel 1.00.0-190618 Hestiacp Control Panel 1.0.1 Hestiacp Control Panel 1.0.3 Hestiacp Control Panel 1.0.4 Hestiacp Control Panel 1.0.5 Hestiacp Control Panel 1.0.6 Hestiacp Control Panel 1.1.0	9
Application	Vestacp Vestacp Control Panel 0.9.7-13 Vestacp Control Panel 0.9.7-14 Vestacp Control Panel 0.9.7-15 Vestacp Control Panel 0.9.7-16 Vestacp Control Panel 0.9.7-17 Vestacp Control Panel 0.9.7-18 Vestacp Control Panel 0.9.7-19 Vestacp Control Panel 0.9.7-20 Vestacp Control Panel 0.9.7-21 Vestacp Control Panel 0.9.7-22 Vestacp Control Panel 0.9.8-1 Vestacp Control Panel 0.9.8-2 Vestacp Control Panel 0.9.8-3 Vestacp Control Panel 0.9.8-4 Vestacp Control Panel 0.9.8-5 Vestacp Control Panel 0.9.8-6 Vestacp Control Panel 0.9.8-7 Vestacp Control Panel 0.9.8-8 Vestacp Control Panel 0.9.8-9 Vestacp Control Panel 0.9.8-10 Vestacp Control Panel 0.9.8-11 Vestacp Control Panel 0.9.8-12 Vestacp Control Panel 0.9.8-13 Vestacp Control Panel 0.9.8-14 Vestacp Control Panel 0.9.8-15 Vestacp Control Panel 0.9.8-16 Vestacp Control Panel 0.9.8-17 Vestacp Control Panel 0.9.8-18 Vestacp Control Panel 0.9.8-19 Vestacp Control Panel 0.9.8-20 Vestacp Control Panel 0.9.8-21 Vestacp Control Panel 0.9.8-22 Vestacp Control Panel 0.9.8-23 Vestacp Control Panel 0.9.8-24 Vestacp Control Panel 0.9.8-25	35

Vulnerabilities > CVE-2020-10966 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2020-10966"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2020-10966