Vulnerabilities > Vestacp > Vesta Control Panel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-22 | CVE-2020-10808 | OS Command Injection vulnerability in Vestacp Vesta Control Panel Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. | 8.8 |
| 2020-03-10 | CVE-2019-9859 | OS Command Injection vulnerability in Vestacp Vesta Control Panel Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. | 8.8 |
| 2018-12-20 | CVE-2018-1000884 | Information Exposure Through Discrepancy vulnerability in Vestacp Vesta Control Panel Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. | 9.8 |