9.8 CVSS
9.4 AI Score
0.002 EPSS
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
9.8 CVSS
9.9 AI Score
0.006 EPSS
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
9.8 CVSS
9.7 AI Score
0.003 EPSS
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
8.8 CVSS
9.1 AI Score
0.002 EPSS
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of...
5.4 CVSS
5.1 AI Score
0.0004 EPSS