Hestia Control Panel Arbitrary File Write Vulnerability

Vulnerability

An arbitrary file write vulnerability has been identified in Hestia Control Panel version 1.3.2. It allows an authenticated attacker to write files to arbitrary locations on the server through the API's index.php endpoint. Exploitation involves the v-make-tmp-file command, which can be used to write SSH keys or other content to attacker-chosen file paths.

Impact

Exploitation of this vulnerability could lead to unauthorized file modifications, such as injecting SSH keys into authorized_keys files, potentially allowing for unauthorized access to user accounts.

Reproduction

To reproduce this vulnerability, authenticate as a user with access to the Hestia Control Panel API. Then, send a POST request to the API's index.php endpoint, including the v-make-tmp-file command and the desired file path in the arguments. This will write the specified content to the designated location on the server.

Remediation

Users are advised to update to Hestia Control Panel version 1.3.3 or later, where this vulnerability has been addressed.
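To show the class of check that closes this kind of bug, here is an added example (illustrative code, not Hestia's own fix or the v-make-tmp-file implementation): a temp-file writer that confines caller-supplied names to the directory it owns, rejecting absolute paths, parent traversal and symlinks that resolve elsewhere. The directory layout and function names are assumptions.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """Requested temp-file name would escape the allowed directory."""

def resolve_tmp_target(tmp_dir: str, requested: str) -> str:
    """Return an absolute path under tmp_dir for `requested`, or raise.

    Models the defect class in the advisory: a helper that accepts a
    caller-supplied name must refuse absolute paths, parent traversal,
    and symlinks that resolve outside the directory it owns.
    """
    if not requested or os.path.isabs(requested):
        raise UnsafePathError(f"absolute or empty path rejected: {requested!r}")
    if ".." in requested.split(os.sep):
        raise UnsafePathError(f"parent traversal rejected: {requested!r}")
    base = os.path.realpath(tmp_dir)
    # realpath follows symlinks, so a link planted inside tmp_dir that points
    # at ~/.ssh/authorized_keys resolves to its real location and fails below.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise UnsafePathError(f"target escapes {base}: {target}")
    return target

def write_tmp_file(tmp_dir: str, requested: str, content: str) -> str:
    """Write content only to a validated location and return the path used."""
    target = resolve_tmp_target(tmp_dir, requested)
    # O_NOFOLLOW guards the final component against a symlink swapped in after validation.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return target

def demo() -> dict:
    """Constructed scenario: a temp dir, a decoy home dir and a hostile symlink."""
    root = tempfile.mkdtemp()
    tmp_dir = os.path.join(root, "tmp")
    ssh_dir = os.path.join(root, "home", ".ssh")
    os.makedirs(tmp_dir)
    os.makedirs(ssh_dir)
    os.symlink(os.path.join(ssh_dir, "authorized_keys"), os.path.join(tmp_dir, "link"))
    outcome = {}
    for name in ("note.txt", "../home/.ssh/authorized_keys", "link", "/etc/passwd"):
        try:
            write_tmp_file(tmp_dir, name, "constructed sample content")
            outcome[name] = "written"
        except UnsafePathError:
            outcome[name] = "rejected"
    return outcome
```

Only the plain file name is written; the traversal, symlink and absolute-path cases are all refused before any file is opened.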

Added: Jan 21, 2026, 7:08 PM
Updated: Jan 21, 2026, 7:08 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 4.2
exploitability: 6.6
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.