HIGH🇵🇱 Wersja polska

CVE-2024-24623

CVSS 8.8v3.1pub. 2024-07-25upd. 2024-11-21

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Softaculous Webuzo

    APP
    Softaculous
    < 4.2.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2024-24621CRITICAL9.8PL ✓ten sam produkt

Softaculous Webuzo — pominięcie uwierzytelnienia przez reset hasła

CVE-2024-24622HIGH8.8ten sam produkt

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated a...

CVE-2013-6041HIGH7.5ten sam produkt

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell m...

CVE-2013-6043MEDIUM5.0ten sam produkt

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentica...

CVE-2013-6042MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous We...