Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
Weakness
The product compares two entities in a security-relevant context, but the comparison is incorrect.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webuzo | Softaculous | * | 4.2.9 (excluding) |
Extended Description
This Pillar covers several possibilities:
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/10.html
- https://cwe.mitre.org/data/definitions/120.html
- https://cwe.mitre.org/data/definitions/14.html
- https://cwe.mitre.org/data/definitions/15.html
- https://cwe.mitre.org/data/definitions/182.html
- https://cwe.mitre.org/data/definitions/24.html
- https://cwe.mitre.org/data/definitions/267.html
- https://cwe.mitre.org/data/definitions/3.html
- https://cwe.mitre.org/data/definitions/41.html
- https://cwe.mitre.org/data/definitions/43.html
- https://cwe.mitre.org/data/definitions/44.html
- https://cwe.mitre.org/data/definitions/45.html
- https://cwe.mitre.org/data/definitions/46.html
- https://cwe.mitre.org/data/definitions/47.html
- https://cwe.mitre.org/data/definitions/52.html
- https://cwe.mitre.org/data/definitions/53.html
- https://cwe.mitre.org/data/definitions/6.html
- https://cwe.mitre.org/data/definitions/64.html
- https://cwe.mitre.org/data/definitions/67.html
- https://cwe.mitre.org/data/definitions/7.html
- https://cwe.mitre.org/data/definitions/71.html
- https://cwe.mitre.org/data/definitions/73.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cwe.mitre.org/data/definitions/79.html
- https://cwe.mitre.org/data/definitions/8.html
- https://cwe.mitre.org/data/definitions/80.html
- https://cwe.mitre.org/data/definitions/88.html
- https://cwe.mitre.org/data/definitions/9.html
- https://cwe.mitre.org/data/definitions/92.html