Softaculous Webuzo Authentication Bypass
2024-7-26 05:46:34 Author: blog.exodusintel.com(查看原文) 阅读量:10 收藏

EIP-ce40b086

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.

Vulnerability Identifier

  • Exodus Intelligence: EIP-ce40b086
  • MITRE: CVE-2024-24621

Vulnerability Metrics

  • CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • CVSSv2 Score: 10.0

Vendor References

  • https://webuzo.com/blog/webuzo-4-2-9-launched/

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to vendor: July 11, 2024
  • Patched by vendor: July 12, 2024
  • Disclosed to public: July 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]


文章来源: https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/
如有侵权请联系:admin#unsafe.sh