Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
References
Link | Resource |
---|---|
https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection/ | Third Party Advisory |
Configurations
History
30 Jul 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:* | |
References | () https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection/ - Third Party Advisory | |
First Time |
Softaculous
Softaculous webuzo |
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 22:15
Updated : 2024-08-02 00:15
NVD link : CVE-2024-24623
Mitre link : CVE-2024-24623
CVE.ORG link : CVE-2024-24623
JSON object : View
Products Affected
softaculous
- webuzo
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')