CVE-2020-10808

Related Files

Vesta Control Panel Authenticated Remote Code Execution

Posted Apr 14, 2020

Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.

tags | exploit, remote, root, code execution, bash

advisories | CVE-2020-10808

SHA-256 | a64694c4be6f8e142202272067ab8240d23b31e8f44348ffeb1c7d3cbe55c1cf

Download | Favorite | View

Vesta Control Panel Authenticated Remote Code Execution

Posted Apr 6, 2020

Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.

tags | exploit, arbitrary, root, bash

advisories | CVE-2020-10808

SHA-256 | c994018871aaf2d9fb2b0d77fe7087abdbe4671491c2b25721371a3f880b91c3

Download | Favorite | View