CNNVD-202601-3387 Information
Jan 21, 2026
cve
CNNVD ID
CNNVD-202601-3387
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
Hestia Control Panel是Hestia Control Panel开源的一款主机控制面板。 Hestia Control Panel 1.3.2版本存在安全漏洞,该漏洞源于API index.php端点存在任意文件写入,可能导致经过身份验证的攻击者写入文件。
Description (English)
Hestia Control Panel is a host control panel for Hestia Control Panel. There is a security loophole in version 1.3.2 of Hestia Control Panel, which stems from the existence of any document at the API index.php endpoint, which could lead to the identity of the assailant.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Hestia Control Panel
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/hestiacp/hestiacp https://hestiacp.com/ https://www.exploit-db.com/exploits/49667 https://www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-write
Patch
https://github.com/hestiacp/hestiacp/releases
Share on: