← Back to BrewedIntel
otherlowCVE-2024-24621

Jul 25, 2024 • Exodus Advisories

Softaculous Webuzo Authentication Bypass

EIP-ce40b086 Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can...

Source
Exodus Intelligence
Category
other
Severity
low

Summary

EIP-ce40b086 Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier Exodus Intelligence: EIP-ce40b086 MITRE: CVE-2024-24621 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C CVSSv2 Score: 10.0 Vendor References https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit Exodus Intelligence Disclosure Timeline Disclosed to ... Read more Softaculous Webuzo Authentication Bypass The post Softaculous Webuzo Authentication Bypass appeared first on Exodus Intelligence .

Published Analysis

EIP-ce40b086 Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier Exodus Intelligence: EIP-ce40b086 MITRE: CVE-2024-24621 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C CVSSv2 Score: 10.0 Vendor References https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit Exodus Intelligence Disclosure Timeline Disclosed to ... Read more Softaculous Webuzo Authentication Bypass The post Softaculous Webuzo Authentication Bypass appeared first on Exodus Intelligence . EIP-ce40b086 Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier Exodus Intelligence: EIP-ce40b086 MITRE: CVE-2024-24621 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C CVSSv2 Score: 10.0 Vendor References https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit Exodus Intelligence Disclosure Timeline Disclosed to vendor: July 11, 2024 Patched by vendor: July 12, 2024 Disclosed to public: July 25, 2024 Further Information Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected] The post Softaculous Webuzo Authentication Bypass appeared first on Exodus Intelligence .

Linked Entities

  • CVE-2024-24621
Read original source