Softaculous Webuzo Authentication Bypass

Jul 26, 2024 12:00 am Technology 101











EIP-ce40b086

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.

Vulnerability Identifier

Exodus Intelligence: EIP-ce40b086MITRE: CVE-2024-24621

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:CCVSSv2 Score: 10.0

Vendor References

https://webuzo.com/blog/webuzo-4-2-9-launched/

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: July 11, 2024Patched by vendor: July 12, 2024Disclosed to public: July 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]












The post Softaculous Webuzo Authentication Bypass appeared first on Exodus Intelligence.



Support the originator by clicking the read the rest link below.
softaculous webuzo authentication bypass
Read The Rest from the original source
blog.exodusintel.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!