CVE-2018-19168

Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...

CVE-2020-24847

A Cross-Site Request Forgery CSRF vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in pageconfigadv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticate...

EUVD-2020-17558

Malware in sbrugna...

EUVD-2020-17556

Malware in sbrugna...

CVE-2020-24849

A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the pageconfigadv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-173...

FruityWifi Code Execution Vulnerability

FruityWifi is a wireless network auditing tool. A security vulnerability exists in the www/modules/save.php file in FruityWifi 2.4 and earlier versions. A remote attacker can exploit this vulnerability by sending a specially crafted 'modname' parameter via a POST request to execute arbitrary code...