CVE-2020-10808

HIGH

VestaCP <0.9.8-26 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10808. PoCs published by Mehmet Ince <[email protected]>, including Metasploit module exploits/linux/http/vestacp_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability (CVE-2020-10808) in Vesta Control Panel's v-list-user-backups script to achieve remote code execution as root. It leverages a scheduled backup mechanism to inject a malicious payload into backup.conf, which is then executed by the system.

Description

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vestacp_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability (CVE-2020-10808) in Vesta Control Panel's v-list-user-backups script to achieve remote code execution as root. It leverages a scheduled backup mechanism to inject a malicious payload into backup.conf, which is then executed by the system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Vesta Control Panel (versions affected by CVE-2020-10808)

Auth required

Prerequisites: Valid credentials for Vesta Control Panel · Access to the target's web interface (port 8083) · No active backup process running

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://forum.vestacp.com/viewforum.php?f=25

Exploit, Third Party Advisory x_refsource_misc

https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/

Patch, Third Party Advisory x_refsource_misc

https://github.com/rapid7/metasploit-framework/pull/13094

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html

Scores

CVSS v3 8.8

EPSS 0.7726

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

vestacp/vesta_control_panel < 0.9.8-26

Published Mar 22, 2020

Tracked Since Feb 18, 2026