CVE-2013-6041

high

Published 2014-12-27 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched

Application impact

Vendor	Product	Versions
softaculous	webuzo	`{"endIncluding":"2.1.3"}`
softaculous	webuzo	`2.1.0`
softaculous	webuzo	`2.1.1`
softaculous	webuzo	`2.1.2`

References

http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29
http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29

CWEs

CWE-78

Verify integrity in audit chain (admin only). AS-IS.