Unauthenticated Remote Code Execution via ssl_cert Upload
Package
options.py
(Roxy-WI)
Affected versions
< 6.1.1.0
Patched versions
6.1.1.0
Description
Credits
-
ncilengir Analyst
ncilengir
Analyst
Impact
A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file via upload function. This affects Roxy-wi versions before 6.1.0.
Patches
in 6.1.1.0 version