CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*
cpe:2.3:a:vestacp:control_panel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-25 23:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-10966

Mitre link : CVE-2020-10966

CVE.ORG link : CVE-2020-10966


JSON object : View

Products Affected

hestiacp

  • control_panel

vestacp

  • control_panel