Vulnerabilities > Vestacp > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-29 CVE-2021-43693 Unspecified vulnerability in Vestacp Vesta Control Panel 0.9.824
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
network
low complexity
vestacp
critical
9.8
2018-12-20 CVE-2018-1000884 Information Exposure Through Discrepancy vulnerability in Vestacp Vesta Control Panel
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password.
network
low complexity
vestacp CWE-203
critical
9.8