Skip to main content

Control Panel CVE-2022-1509

HIGH
Command Injection (CWE-77)
2022-04-28 security@huntr.dev
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 28, 2022 - 10:15 nvd
HIGH 8.8

DescriptionNVD

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

AnalysisAI

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. Affected products include: Hestiacp Control Panel. Version information: prior to 1.5.12..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2021-3797 CRITICAL POC
9.8 Sep 15

hestiacp is vulnerable to Use of Wrong Operator in String Comparison. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2022-2636 HIGH POC
8.8 Aug 05

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated h

CVE-2022-2550 HIGH POC
8.8 Jul 27

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Rated high severity (CVSS 8.8), this vulnera

CVE-2019-12792 HIGH POC
8.8 Aug 15

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escala

CVE-2019-12791 HIGH POC
8.8 Aug 15

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to

CVE-2023-5839 HIGH POC
7.8 Oct 29

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Rated high severity (CVSS 7.8), this vulnerabi

CVE-2021-30463 HIGH POC
7.8 Apr 08

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissio

CVE-2022-2626 HIGH POC
7.2 Aug 05

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 7.2), th

CVE-2020-10966 MEDIUM POC
6.5 Mar 25

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header

CVE-2023-3479 MEDIUM POC
6.1 Jun 30

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVS

CVE-2022-0986 MEDIUM POC
6.1 Mar 16

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Rated medium

CVE-2022-0752 MEDIUM POC
6.1 Mar 04

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS

Share

CVE-2022-1509 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy