CVE-2024-24621

Summary

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.

Affected Software

VendorProductVersion RangeStatus
SoftaculousWebuzo3.2.1 <= 4.2.9affected

Weaknesses

  • CWE-697: CWE-697 Incorrect Comparison

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References