cbcvebase.
CVE-2013-6041
published 2014-12-27


Priority: P3 (57), high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: flagged
EPSS: 3.56% (87.9th percentile)
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

Affected (4 ranges)

Vendor       Product  Version range  Fixed in
softaculous  webuzo   <= 2.1.3
softaculous  webuzo
softaculous  webuzo
softaculous  webuzo

Detection & IOCs (extracted from sources)

path: /index.php?act=login
cookie: SOFTCookies7972_sid=[value]`cat /etc/passwd > /home/admin/public_html/pwned.html`
port: 2002
  • Detect shell metacharacter injection (backtick command substitution) in the SOFTCookies*_sid cookie on requests to /index.php with act=login parameter
  • No authentication is required to exploit this vulnerability; monitor unauthenticated GET requests to /index.php?act=login on port 2002 carrying backtick or other shell metacharacters in the SOFTCookies sid cookie
  • Alert on creation of unexpected files under /home/admin/public_html/ as a post-exploitation indicator of successful command injection
  • The vulnerable cookie name includes a numeric suffix (e.g., SOFTCookies7972_sid) that may vary per installation; detection rules should use a wildcard pattern such as SOFTCookies*_sid
  • Webuzo listens on port 2002 by default; ensure network monitoring and WAF rules cover this non-standard port
  • Versions prior to 2.1.4 are vulnerable; the vendor released a fix in version 2.1.4
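The detection rule in the notes above, worked through as an added example (not code from the database or from Softaculous): match the SOFTCookies*_sid cookie with a wildcard suffix, restrict to /index.php requests carrying act=login, and flag values that contain shell metacharacters. The request tuples and cookie values are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Cookie name from the advisory; the numeric suffix varies per installation,
# so match it with \d* rather than the literal 7972 seen in the IOC.
SID_COOKIE = re.compile(r"(?:^|;\s*)(SOFTCookies\d*_sid)=(.*?)(?=;\s|$)")
# Shell metacharacters: backtick and $ allow command substitution,
# ; | & and newline chain commands.
SHELL_META = re.compile(r"[`$;|&\n]")


def is_login_request(target: str) -> bool:
    """True when the request target is .../index.php with act=login."""
    parts = urlsplit(target)
    return parts.path.endswith("/index.php") and \
        "login" in parse_qs(parts.query).get("act", [])


def flagged_sid_cookies(target: str, cookie_header: str) -> list:
    """Names of SOFTCookies*_sid cookies carrying shell metacharacters,
    checked only on login requests; an empty list means nothing to alert on."""
    if not is_login_request(target):
        return []
    return [name for name, value in SID_COOKIE.findall(cookie_header)
            if SHELL_META.search(value)]


# Constructed sample requests (method, target, Cookie header); not real traffic.
SAMPLE_REQUESTS = [
    ("GET", "/index.php?act=login", "SOFTCookies7972_sid=abc123def; lang=en"),
    ("GET", "/index.php?act=login", "SOFTCookies7972_sid=x`id`; lang=en"),
    ("GET", "/index.php?act=login&r=1", "SOFTCookies31_sid=x$(id)"),
    ("GET", "/index.php?act=softaculous", "SOFTCookies7972_sid=x`id`"),
    ("GET", "/index.php?act=login", "PHPSESSID=`id`; SOFTCookies7972_sid=ok"),
]


def scan(requests) -> list:
    """Indices of requests that match the detection rule."""
    return [i for i, (_, target, cookie) in enumerate(requests)
            if flagged_sid_cookies(target, cookie)]


if __name__ == "__main__":
    for i in scan(SAMPLE_REQUESTS):
        _, target, cookie = SAMPLE_REQUESTS[i]
        print(f"ALERT request #{i}: {target} "
              f"cookies={flagged_sid_cookies(target, cookie)}")
```

Requests 1 and 2 are flagged; request 3 is not a login action and request 4 carries the metacharacters in a cookie the rule does not cover, so both fall through to other controls.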