CVE-2021-47871

Hestia Control Panel 1.3.2 - Arbitrary File Write

CVSS 8.6 HIGHEPSS 0.4%CWE-73

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.6EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Hestia Control Panel · Hestia Control Panel

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/hestiacp/hestiacp https://hestiacp.com/https://www.exploit-db.com/exploits/49667 https://www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-write