5 matches found
reNgine 2.2.0 - Command Injection
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput. id: CVE-2023-50094 info: name: reNgine 2.2.0 - Command Injection...
CVE-2023-50094
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...
Exploit for OS Command Injection in Yogeshojha Rengine
reNgine 2.2.0 - Command Injection - CVE-2023-50094 Descri...
CVE-2023-50094
creationtimestamp| type| source ---|---|--- 2024-01-01 19:26:43+00:00| seen| https://t.me/ctinow/161397 2024-01-02 01:31:30+00:00| seen| https://t.me/cibsecurity/74095 2024-01-09 23:17:31+00:00| seen| https://t.me/ctinow/165425 2024-01-22 14:11:35+00:00| seen| https://t.me/ctinow/171170 2024-11-2...
CVE-2023-50094
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...