CVE-2022-1509

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

CVSS v3.0 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://huntr.dev/bounties/09e69dff-f281-4e51-8312-ed7ab7606338	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/hestiacp/hestiacp/commit/d50f95cf208049dfb6ac67a8020802121745bd60	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*

History

30 Aug 2024, 16:15

Type	Values Removed	Values Added
Summary	~~Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.~~	Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

14 Feb 2024, 20:40

Type	Values Removed	Values Added
CWE	~~CWE-74~~	CWE-77

Information

Published : 2022-04-28 10:15

Updated : 2024-08-30 16:15

NVD link : CVE-2022-1509

Mitre link : CVE-2022-1509

JSON object : View

Products Affected

hestiacp

control_panel

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

8.8 /10