CVE-2021-47871

Hestia Control Panel 1.3.2 - Arbitrary File Write

CVSS 8.6 HIGHEPSS 0.4%CWE-73

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.6EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 ene 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Hestia Control Panel · Hestia Control Panel

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/hestiacp/hestiacp https://hestiacp.com/https://www.exploit-db.com/exploits/49667 https://www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-write