Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9859

EPSS 0.80% · P74
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-9859

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: "escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument." It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vesta Control Panel 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vesta Control Panel(VestaCP)是一个开源的虚拟主机控制面板。 VestaCP 0.9.7版本至0.9.8-23版本中存在操作系统命令注入漏洞。攻击者可利用该漏洞提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-9859

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-9859

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-03-10 · 83 CVEs total

CVE-2020-0042Google Android FPC 缓冲区错误漏洞
CVE-2020-0063Android System 安全漏洞
CVE-2020-0038Android System 缓冲区错误漏洞
CVE-2020-0039Android System 缓冲区错误漏洞
CVE-2020-0037Android System 缓冲区错误漏洞
CVE-2020-0034Android Media Framework 缓冲区错误漏洞
CVE-2020-0033Android Media Framework 缓冲区错误漏洞
CVE-2020-0032Android Media Framework 缓冲区错误漏洞
CVE-2020-0031Android Framework 信息泄露漏洞
CVE-2020-0035Android System 信息泄露漏洞
CVE-2020-0041Google Android Binder 缓冲区错误漏洞
CVE-2020-0043Google Android FPC Fingerprint TEE 组件缓冲区错误漏洞
CVE-2020-0044Google Android FPC Fingerprint TEE 组件缓冲区错误漏洞
CVE-2020-0069Google Android Mediatek Command Queue driver 缓冲区错误漏洞
CVE-2020-0058Android System 缓冲区错误漏洞
CVE-2020-0059Android System 缓冲区错误漏洞
CVE-2020-0060Android System SQL注入漏洞
CVE-2020-0083Android System 安全漏洞
CVE-2020-0061Android System 安全漏洞
CVE-2020-0045Android Framework 竞争条件问题漏洞

Showing top 20 of 83 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-9859

No comments yet

Leave a comment