CVE-2024-24621— Softaculous Webuzo Authentication Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-24621
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Softaculous Webuzo Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的比较
Source: NVD (National Vulnerability Database)
Vulnerability Title
Webuzo 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Webuzo是Webuzo公司的一个功能强大且易于使用的虚拟主机控制面板。 允许托管提供商和用户自动执行服务器管理任务,同时为客户提供管理其站点所需的工具。 Webuzo存在安全漏洞,该漏洞源于通过密码重置功能包含身份验证绕过漏洞,远程匿名攻击者利用该漏洞可以以root用户身份获得服务器完全访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Softaculous | Webuzo | 3.2.1 ~ 4.2.9 | - |
II. Public POCs for CVE-2024-24621
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-24621
请登录查看更多情报信息。
Same Patch Batch · Softaculous · 2024-07-25 · 3 CVEs total
| CVE-2024-24623 | 8.8 HIGH | Softaculous Webuzo FTP Management Command Injection |
| CVE-2024-24622 | 8.8 HIGH | Softaculous Webuzo Password Reset Command Injection |
IV. Related Vulnerabilities
Same vendor: Softaculous
- CVE-2026-2509
Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributo - CVE-2026-39469
WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposur - CVE-2026-2442
Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequenc - CVE-2025-13085
SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object R - CVE-2025-12814
SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization t
Same weakness: CWE-697
- CVE-2026-35040
fast-jwt: Stateful RegExp (/g or /y) causes non-deterministi - CVE-2026-34574
Parse Server: Session field immutability bypass via falsy-va - CVE-2026-34210
mppx has Stripe charge credential replay via missing idempot - CVE-2026-32322
soroban-sdk: `Fr` scalar field equality comparison bypasses - CVE-2025-20343
Cisco Identity Services Engine Radius Suppression Denial of
V. Comments for CVE-2024-24621
No comments yet