EIP-ce40b086
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
Vulnerability Identifier
Exodus Intelligence: EIP-ce40b086MITRE: CVE-2024-24621Vulnerability Metrics
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:CCVSSv2 Score: 10.0Vendor References
https://webuzo.com/blog/webuzo-4-2-9-launched/Discovery Credit
Exodus IntelligenceDisclosure Timeline
Disclosed to vendor: July 11, 2024Patched by vendor: July 12, 2024Disclosed to public: July 25, 2024Further Information
Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]
The post Softaculous Webuzo Authentication Bypass appeared first on Exodus Intelligence.
Support the originator by clicking the read the rest link below.