CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-24622 – Softaculous Webuzo Password Reset Command Injection
https://notcve.org/view.php?id=CVE-2024-24622
25 Jul 2024 — Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. • https://blog.exodusintel.com/2024/07/24/softaculous-webuzo-password-reset-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-24623 – Softaculous Webuzo FTP Management Command Injection
https://notcve.org/view.php?id=CVE-2024-24623
25 Jul 2024 — Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. • https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24621 – Softaculous Webuzo Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-24621
25 Jul 2024 — Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. • https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass • CWE-697: Incorrect Comparison •