Yogesh Ojha

6 exploits Active since Aug 2021
CVE-2023-50094 WRITEUP HIGH WRITEUP
reNgine < 2.0.2 - Authenticated OS Command Injection via WAF Detector URL Parameter
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
CVSS 8.8
CVE-2023-50094 WRITEUP HIGH WRITEUP
reNgine < 2.0.2 - Authenticated OS Command Injection via WAF Detector URL Parameter
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
CVSS 8.8
CVE-2021-38606 WRITEUP CRITICAL WRITEUP
reNgine < 0.5 - Predictable Directory Name
reNgine through 0.5 relies on a predictable directory name.
CVSS 9.8
CVE-2024-43381 WRITEUP MEDIUM WRITEUP
reNgine < 2.1.3 - Stored Cross-Site Scripting via DNS Record Processing
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.
CVSS 5.0
CVE-2025-24899 WRITEUP HIGH WRITEUP
reNgine < 2.2.0 - Authenticated Exposure of Sensitive User Information via /api/listVulnerability/
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.5
CVE-2025-24962 WRITEUP HIGH WRITEUP
reNgine - OS Command Injection via nmap_cmd Parameter
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.
CVSS 8.8