CVE-2015-2861
Vesta Control Panel < 0.9.8-14 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75215
Vendor Advisory x_refsource_confirm
http://vestacp.com/roadmap/#history
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/842780
Patch x_refsource_confirm
https://github.com/serghey-rodin/vesta/commit/527e4a9a62204be9b34c1338fadfe959b0fd3974
Scores
EPSS
0.0121
EPSS Percentile
64.7%
Details
CWE
CWE-352
Status
published
Products (1)
vestacp/vesta_control_panel
< 0.9.8-12
Published
Jun 18, 2015
Tracked Since
Feb 18, 2026