Command Injection in Softaculous Webuzo Affects Multiple Versions
CVE-2013-6041

Currently unrated

Key Information:

Vendor: Softaculous
Status: Webuzo
Vendor: CVE Published:; 27 December 2014

🔔 Create Softaculous Vulnerability Alert

What is CVE-2013-6041?

A vulnerability in the Softaculous Webuzo application allows remote attackers to execute arbitrary commands on the server through crafted SOFTCookies sid cookies during the login process. By leveraging shell metacharacters in the cookies, an attacker can bypass security measures and gain unauthorized access, potentially compromising system integrity and security.

References

https://web.archive.org/web/20140126212101/http://www.bae...

x_refsource_MISC

http://www.softaculous.com/board/index.php?tid=4526&title...

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2014
Vulnerability Reserved
Oct 4, 2013