EIP-ce40b086 Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier Exodus Intelligence: EIP-ce40b086 MITRE: CVE-2024-24621 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C CVSSv2 Score: 10.0 Vendor References https://webuzo.com/blog/webuzo-4-2-9-launched/ Discovery Credit Exodus Intelligence Disclosure Timeline Disclosed to … Continue reading Softaculous Webuzo Authentication Bypass