CVE-2013-6041
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
27/12/2014
Last modified:
12/04/2025
Description
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:* | 2.1.3 (including) | |
| cpe:2.3:a:softaculous:webuzo:2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:softaculous:webuzo:2.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:softaculous:webuzo:2.1.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
- https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29
- http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
- https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29