EXPLOITDB-EDB-49667

EXPLOITDB text WORKING POC
Exploit for CVE-2021-47871 - Hestia Control Panel 1.3.2 - File Write
AI Analysis

This exploit leverages an arbitrary file write vulnerability in Hestia Control Panel by abusing the `v-make-tmp-file` API command to overwrite the `authorized_keys` file, enabling SSH access. The PoC uses a simple curl command to demonstrate the vulnerability.

Attack Type: auth_bypass
Complexity: trivial
Reliability: reliable
MITRE ATT&CK:
- T1068 - Exploitation for Privilege Escalation
- T1098 - Account Manipulation
Source
Platform: Exploitdb
Type: webapps
Platform: php
Language: text
Files: 1
Authors: numan türle
Vulnerability: CVE-2021-47871 - Hestia Control Panel 1.3.2 - File Write (HIGH, CVSS 8.8)