CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24622 – Softaculous Webuzo Password Reset Command Injection
https://notcve.org/view.php?id=CVE-2024-24622
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. • https://blog.exodusintel.com/2024/07/24/softaculous-webuzo-password-reset-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24623 – Softaculous Webuzo FTP Management Command Injection
https://notcve.org/view.php?id=CVE-2024-24623
Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. • https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24621 – Softaculous Webuzo Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-24621
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. • https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass • CWE-697: Incorrect Comparison •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6043 – Webuzo 2.1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-6043
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests. La función de login en Softaculous Webuzo anterior a 2.1.4 proporciona mensajes diferentes de error para intentos de autenticación inválidas dependiendo de si la cuenta de usuario existe, lo que permite a atacantes remotos enumerar los nombres de usuario a través de peticiones en serie. • https://www.exploit-db.com/exploits/31982 http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6041 – Webuzo 2.1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-6041
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. index.php en Softaculous Webuzo anterior a 2.1.4 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una cookie SOFTCookies dentro de la acción login. • https://www.exploit-db.com/exploits/31982 http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •