12 matches found
CVE-2024-43804
Roxy-WI suffers an OS Command Injection via its port-scanning feature. Authenticated users can influence the ip value, which is used to build cmd/cmd1, then passed to server_mod.subprocess_execute with shell=True, enabling arbitrary code execution on the web application server. Multiple sources d...
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability
Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocess_execute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocess_execute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...
CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
Design/Logic Flaw
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...
Roxy-WI Command Injection Vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A command injection vulnerability exists in Roxy-WI versions prior to 6.1.1.0, which stems from the ability to remotely run system commands via the subprocess_execute function...
CVE-2022-31161
CVE-2022-31161 affects Roxy-WI prior to version 6.1.1.0, where the system command can be executed remotely through inputs handled in /app/options.py (notably via the subprocess_execute path). The issue enables unauthenticated remote code execution by abusing input handling (e.g., delcert/ssl_cert...
Remote code execution
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the...
Roxy-WI OS Command Injection Vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A security vulnerability exists in Roxy-WI versions prior to 6.1.1.0, which can be exploited by a remote attacker to execute remote code via a system command that can be run remotely via the...
CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the...
CVE-2022-31137
CVE-2022-31137 affects Roxy-WI prior to 6.1.1.0. A remote code execution vulnerability exists where system commands can be executed via the subprocess_execute function in /app/options.py without proper input validation, and attackers can exploit it without authentication. The issue is mitigated b...