CVE-2022-1509
CRITICAL
hestiacp control_panel < 1.5.12 - Authenticated Remote Code Execution via Command Injection
Title source: llm
Description
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
References (2)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/09e69dff-f281-4e51-8312-ed7ab7606338
Patch x_refsource_misc
https://github.com/hestiacp/hestiacp/commit/d50f95cf208049dfb6ac67a8020802121745bd60
Scores
CVSS v3
9.9
EPSS
0.0446
EPSS Percentile
90.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
hestiacp/control_panel
< 1.5.12
Published
Apr 28, 2022
Tracked Since
Feb 18, 2026