index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:PSoftaculous Webuzo
APPSoftaculous2.1.02.1.12.1.2≤ 2.1.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Powiązane podatności
CVE-2024-24621CRITICAL9.8PL ✓ten sam produkt
Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła
CVE-2024-24622HIGH8.8ten sam produkt
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...
CVE-2024-24623HIGH8.8ten sam produkt
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, a...
CVE-2013-6043MEDIUM5.0ten sam produkt
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentica...
CVE-2013-6042MEDIUM4.3ten sam produkt
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous We...