Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions before 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roxy-wi roxy-wi |