Vulnerability Description
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
CVSS Score
9.9 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hestiacp | Control Panel | < 1.5.12 |
Related Weaknesses (CWE)
References
- https://github.com/hestiacp/hestiacp/commit/d50f95cf208049dfb6ac67a8020802121745 (Patch)
- https://huntr.dev/bounties/09e69dff-f281-4e51-8312-ed7ab7606338 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2022-1509?
CVE-2022-1509 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
How severe is CVE-2022-1509?
CVE-2022-1509 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-1509?
Check the references section above for vendor advisories and patch information. Affected products include: Hestiacp Control Panel.