New exploit vestacp_exec

Posted: Tue Apr 14, 2020 5:12 pm
by dimahna

Re: New exploit vestacp_exec

Posted: Wed Apr 15, 2020 8:08 pm
by ScIT
Basically, dpeca has already patched the issues on GitHub, but Serghey seems to have been offline for a long time - he's the only one who can publish a new version to the repository.

Disclaimer: I stopped any work on Vesta due to my work on my own fork - I just want users to be aware of the possible fixes for the current exploits.

viewtopic.php?f=10&t=19714

Re: New exploit vestacp_exec

Posted: Sat Apr 25, 2020 8:05 am
by hasoid
I saw a video for this exploit. I think that to use this exploit you must have a user account on the server and the FTP service. Is that correct? If yes - no problem for a single-user server.

Re: New exploit vestacp_exec

Posted: Sat Apr 25, 2020 8:09 am
by ScIT
Then there is a second exploit, which allows you to overwrite the link in the password reset mail; combine these two exploits and a bit of luck (or blindness of a user) and you're in...