CVE-2013-6041

Softaculous Webuzo < 2.1.3 - OS Command Injection

Title source: rule

Description

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/31982

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched

[Various Sources] https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29

Scores

EPSS 0.0746

EPSS Percentile 91.8%

Details

CWE

CWE-78

Status published

Products (4)

softaculous/webuzo 2.1.0

softaculous/webuzo 2.1.1

softaculous/webuzo 2.1.2

softaculous/webuzo < 2.1.3

Published Dec 27, 2014

Tracked Since Feb 18, 2026