CVE-2020-15508 HestiaCP Command Injection & Privilege Escalation

Description

Hestiacp <1.2 is vulnerable to command Injection and Privilege Escalation.

Any Web Application User -> Admin user of the Web Application -> OS root access.

Command Injection

Due to inproper input validation leads to command injection.

Privilege Escalation Web Application Admin -> OS root

Admin user of web application can add cron jobs. Adding simple reverse shell payload is makes you root.

POC Video

Exploit

CVE-2020-15508.py

Patch commits

https://github.com/hestiacp/hestiacp/commit/5dbc398d9fb00861fc8f75767b09de8981f86a48

https://github.com/hestiacp/hestiacp/commit/d4d9c84662c2f23e79c2cdc3a92d913892fa7de0