CVE-2021-47871
Arbitrary File Write in Hestia Control Panel 1.3.2 via API
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hestiacp | hestia_control_panel | up to 1.3.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47871 is an arbitrary file write vulnerability in Hestia Control Panel version 1.3.2 and earlier. Authenticated attackers can exploit the API endpoint index.php by using the "v-make-tmp-file" command to write files to arbitrary locations on the server. For example, an attacker can write SSH public keys into files like /home/admin/.ssh/authorized_keys, potentially enabling unauthorized SSH access. This vulnerability allows attackers to place malicious files anywhere on the server, which can lead to further compromise. [1, 3]
How can this vulnerability impact me?
This vulnerability can allow an authenticated attacker to write arbitrary files anywhere on the server, including malicious SSH keys. This can lead to unauthorized remote access, remote code execution, and full compromise of the server. The attacker could maintain persistent access or disrupt server operations, severely impacting confidentiality, integrity, and availability of the system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the API endpoint on port 8083, specifically https://TARGET:8083/api/index.php. Look for requests containing the 'v-make-tmp-file' command with parameters that attempt to write files, such as SSH keys, to arbitrary locations. To test whether a system is affected, a curl POST request can be crafted with the parameters 'hash', 'returncode' and 'cmd', plus arguments specifying the file content and destination path, for example 'cmd=v-make-tmp-file' with arguments targeting the '/home/admin/.ssh/authorized_keys' file. Network intrusion detection systems can be configured to alert on such patterns. [1]
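One way to implement the request-pattern check described above, as an added example that is not part of the original page or of Hestia's own code. It assumes POST bodies are available from a reverse proxy or WAF log, that command arguments arrive as form fields named arg1, arg2 and so on, and that /tmp/ is the only expected destination; the sample requests are constructed.

```python
import posixpath
from urllib.parse import parse_qs

API_PATH = "/api/index.php"
SUSPECT_CMD = "v-make-tmp-file"
ALLOWED_PREFIX = "/tmp/"  # assumption: only location a temp file should be written


def suspicious_writes(method, path, body):
    """Return [(field, resolved_path)] for v-make-tmp-file targets outside ALLOWED_PREFIX."""
    if method.upper() != "POST" or path.split("?", 1)[0] != API_PATH:
        return []
    form = parse_qs(body, keep_blank_values=True)
    if SUSPECT_CMD not in form.get("cmd", []):
        return []
    hits = []
    for field, values in form.items():
        if not field.startswith("arg"):  # assumption: arguments are sent as arg1, arg2, ...
            continue
        for value in values:
            if value.startswith("/"):
                resolved = posixpath.normpath(value)  # collapse ../ before comparing
                if not resolved.startswith(ALLOWED_PREFIX):
                    hits.append((field, resolved))
    return hits


# Constructed sample requests (method, path, form body); not real traffic.
BASE = "hash=PLACEHOLDER&returncode=no&cmd="
SAMPLES = [
    ("POST", API_PATH, BASE + "v-make-tmp-file&arg1=ssh-ed25519+AAAAconstructed"
                              "&arg2=%2Fhome%2Fadmin%2F.ssh%2Fauthorized_keys"),
    ("POST", API_PATH, BASE + "v-make-tmp-file&arg1=data"
                              "&arg2=%2Ftmp%2F..%2Fhome%2Fadmin%2F.ssh%2Fauthorized_keys"),
    ("POST", API_PATH, BASE + "v-make-tmp-file&arg1=data&arg2=%2Ftmp%2Fupload.txt"),
    ("POST", API_PATH, BASE + "v-list-users"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        for field, target in suspicious_writes(method, path, body):
            print(f"ALERT {method} {path}: {SUSPECT_CMD} {field} -> {target}")
```

Paths are normalized before the prefix comparison, so a destination that starts under /tmp/ but climbs out with ../ is still reported.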
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Hestia Control Panel to version 1.3.3 or later, where this arbitrary file write vulnerability has been fixed. Additionally, restrict access to the API endpoint to trusted users only, enforce strong authentication, and monitor logs for suspicious activity involving the 'v-make-tmp-file' command. If upgrading immediately is not possible, consider disabling or restricting the vulnerable API functionality until a patch can be applied. [1, 3]