CVE-2023-50094

HIGH NUCLEI

reNgine < 2.0.2 - Authenticated OS Command Injection via WAF Detector URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-50094. PoCs published by Zierax. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2023-50094, targeting an authenticated command injection vulnerability in reNgine 2.2.0 via the `nmap_cmd` parameter in the Scan Engine configuration. The exploit automates login, modifies the Scan Engine, and injects a base64-encoded reverse shell payload.

Description

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.

Exploits (1)

nomisec WORKING POC

by Zierax · poc

https://github.com/Zierax/CVE-2023-50094_POC

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2023-50094, targeting an authenticated command injection vulnerability in reNgine 2.2.0 via the `nmap_cmd` parameter in the Scan Engine configuration. The exploit automates login, modifies the Scan Engine, and injects a base64-encoded reverse shell payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: reNgine v2.2.0

Auth required

Prerequisites: Running instance of reNgine v2.2.0 · Valid user credentials with access to Scan Engine configuration · Python 3.x with `requests` library

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →