CVE-2021-46850

HIGH Year: 2021
CVSS v3 Score
7.2
High
Weakness Type
CWE-88
View all →

Vulnerability Description

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

Related Vulnerabilities

CVE-2020-14421

HIGH
CVSS:7.2(High)

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

CWE-882020

CVE-2020-35136

HIGH
CVSS:7.2(High)

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for...

CWE-882020

CVE-2020-5792

HIGH
CVSS:7.2(High)

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of ...

CWE-882020

CVE-2021-34816

HIGH
CVSS:7.2(High)

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.

CWE-882021

CVE-2021-3540

HIGH
CVSS:7.2(High)

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

CWE-882021

CVE-2022-37027

HIGH
CVSS:7.2(High)

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options...

CWE-882022