exploitDog

CVE-2024-24623

Опубликовано: 25 июл. 2024

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.

Ссылки

https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection/
Third Party Advisory
https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-ftp-management-command-injection/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:*

Версия до 4.2.9 (исключая)

EPSS

Процентиль: 89%

0.04469

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-96rx-8rv9-v6vx

CVSS3: 8.8

github

больше 1 года назад

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.

EPSS

Процентиль: 89%

0.04469

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

CWE-78