CVE-2022-31126

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to execute code by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.

Unauthenticated Remote Code Execution via ssh_command

Critical

Aidaho12 published GHSA-mh86-878h-43c9

Jul 6, 2022

Package

No package listed

Affected versions

< 6.1.1.0

Patched versions

6.1.1.0

Description

Impact

A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to execute code by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before 6.1.0.

Patches

Fixed in version 6.1.1.0.

Severity

Critical (10.0 / 10)

CVSS base metrics

  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CVE ID

CVE-2022-31126

Weaknesses

CWE-77, CWE-94, CWE-116

Credits

  • derectus

Related news

Roxy WI 6.1.0.0 Remote Code Execution

Roxy WI version 6.1.0.0 suffers from an unauthenticated remote code execution vulnerability.
