Description
myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sat, 04 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta. | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: PRJBLK
Published:
Updated: 2026-07-04T11:33:27.032Z
Reserved: 2026-06-14T07:01:17.476Z
Link: CVE-2026-12195
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses