logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-50094

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-50094

Description:
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
Last updated date:
08/14/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/09/2024
Reference url to background

https://www.mattz.io/posts/cve-2023-50094/

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy