{"id":"CVE-2019-12792","details":"A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root.","modified":"2026-04-11T21:44:38.599547Z","published":"2019-08-15T21:15:11.607Z","references":[{"type":"ADVISORY","url":"https://github.com/serghey-rodin/vesta/issues/1921"},{"type":"EVIDENCE","url":"https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/outroll/vesta","events":[{"introduced":"0"},{"last_affected":"2da2c539f169c7c4a00b1e23fcf9c3c226faeb08"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:vestacp:control_panel:0.9.8-24:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"0.9.8-24"}]}}],"versions":["0.9.8-10","0.9.8-11","0.9.8-12","0.9.8-13","0.9.8-15","0.9.8-16","0.9.8-17","0.9.8-18","0.9.8-19","0.9.8-20","0.9.8-23","0.9.8-24"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12792.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}