Vesta Control Panel Authenticated Remote Code Execution
Posted by deepcore on April 7, 2020 – 2:53 pm
This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.
Post a reply
You must be logged in to post a comment.