CVE-2024-24622 HIGH

CVE-2024-24622: Softaculous Webuzo Password Reset Command Injection

Vendor Softaculous

Product Webuzo

Weakness CWE-78

Published July 25, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.

Key dates

02Disclosure timeline

July 25, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-24622 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2025-43562 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CVE-2025-3729 SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection CVE-2021-21882 CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution CVE-2026-7241 Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection