Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
References
Link | Resource |
---|---|
https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/ | Third Party Advisory |
Configurations
History
30 Jul 2024, 15:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:* | |
First Time |
Softaculous
Softaculous webuzo |
|
References | () https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/ - Third Party Advisory |
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 22:15
Updated : 2024-07-30 15:36
NVD link : CVE-2024-24621
Mitre link : CVE-2024-24621
CVE.ORG link : CVE-2024-24621
JSON object : View
Products Affected
softaculous
- webuzo
CWE
CWE-697
Incorrect Comparison