Command Injection Vulnerability in Webuzo FTP Management
CVE-2024-24623

8.8HIGH

Key Information:

Vendor: Softaculous
Status: Webuzo
Vendor: CVE Published:; 25 July 2024

What is CVE-2024-24623?

A command injection vulnerability has been identified in the FTP management functionality of Softaculous Webuzo. This flaw allows remote, authenticated attackers to exploit the vulnerability and execute arbitrary code on the affected system. Vigilance is necessary to mitigate potential security risks associated with this issue, especially for users leveraging Webuzo for web hosting and management.

References

https://blog.exodusintel.com/2024/07/25/softaculous-webuz...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2024