CVE-2022-31161

Roxy-WI is a web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, system commands can be run remotely via the subprocess_execute function because the /app/options.py file does not process the inputs received from the user. Version 6.1.1.0 contains a patch for this issue.


Unauthenticated Remote Code Execution via ssl_cert Upload

Critical

Aidaho12 published GHSA-pg3w-8p63-x483

Jul 6, 2022

Package

options.py (Roxy-WI)

Affected versions

< 6.1.1.0

Description

Impact

A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to execute code by sending a specially crafted HTTP request to the /app/options.py file via the upload function. This affects Roxy-wi versions before 6.1.0.

Patches

Patched in version 6.1.1.0.
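
The weakness class described above (request input reaching a shell command line unprocessed), shown as an added example that is not Roxy-WI's code or its patch. The function names, the `echo` stand-in command and the `.pem` name policy are assumptions made for illustration.

```python
import re
import subprocess

# Assumed policy: certificate names are plain file names ending in .pem.
CERT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.pem")


def run_shell_string(cmd: str) -> str:
    """Unsafe pattern: the whole string is parsed by /bin/sh."""
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def run_argv(argv: list[str]) -> str:
    """Safer pattern: no shell, each element reaches the program verbatim."""
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return done.stdout


def validate_cert_name(name: str) -> str:
    """Reject anything that is not a simple .pem file name."""
    if not CERT_NAME_RE.fullmatch(name):
        raise ValueError(f"rejected certificate name: {name!r}")
    return name


def save_cert_unsafe(name: str) -> str:
    # Request value concatenated into a shell command line.
    return run_shell_string("echo saving " + name)


def save_cert_hardened(name: str) -> str:
    # Validate first, then pass the value as a single argv element.
    return run_argv(["echo", "saving", validate_cert_name(name)])


# Constructed sample inputs; the second stands in for a hostile request value.
GOOD = "site.example.pem"
HOSTILE = "site.pem; echo INJECTED"

if __name__ == "__main__":
    print(repr(save_cert_unsafe(HOSTILE)))               # shell runs a second command
    print(repr(run_argv(["echo", "saving", HOSTILE])))   # value stays literal text
    print(repr(save_cert_hardened(GOOD)))
```

Validation and shell-free execution are independent layers: the argument list alone keeps the value literal, and the allowlist rejects it before any process is started.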

Severity

CVSS base metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Weaknesses

Related news

Roxy WI 6.1.1.0 Remote Code Execution

Roxy WI version 6.1.1.0 suffers from an unauthenticated remote code execution vulnerability.
