CVE-2023-50094 | reNgine up to 2.0.2 api/tools/waf_detector/ url os command injection

Posted by Angelo Barbosa | Jan 1, 2024 | CVE

A vulnerability, which was classified as critical, has been found in reNgine up to 2.0.2. Affected by this issue is some unknown functionality of the file api/tools/waf_detector/. The manipulation of the argument url leads to os command injection.

This vulnerability is handled as CVE-2023-50094. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50094 | reNgine up to 2.0.2 api/tools/waf_detector/ url os command injection

Related Posts

CVE-2024-3826 | Akana SSO improper authentication

CVE-2024-2134 | Bdtask Hospita AutoManager up to 20240223 Investigation Report /investigation/delete/ cross-site request forgery

CVE-2024-47131 | Delta Electronics DIAScreen up to 1.4.x BACnetObjectInfo stack-based overflow (icsa-24-312-02)

CVE-2023-52139 | Misskey prior 2023.12.1 improper authorization (GHSA-7pxq-6xx9-xpgm)