CVE-2024-24621

critical

Description

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.

References

https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/

Details

Source: Mitre, NVD

Published: 2024-07-25

Updated: 2024-07-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H