CVE-2024-13129 – “Roxy-WI OS Command Injection Vulnerability”

1月 3, 2025
11:16 pm

CVE ID : CVE-2024-13129

Published : Jan. 3, 2025, 10:15 p.m. | 1 hour, 1 minute ago

Description : A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-13129 – “Roxy-WI OS Command Injection Vulnerability”

Elvescore.io

Recent Posts

CVE-2025-0231 – Codezips Gym Management System SQL Injection

CVE-2025-0232 – Codezips Blood Bank Management System SQL Injection Vulnerability

CVE-2025-0230 – “Code-Projects Responsive Hotel Site SQL Injection”

CVE-2025-0229 – “Code-projects Travel Management System SQL Injection Vulnerability”

CVE-2025-0228 – Code-projects Local Storage Todo App Cross Site Scripting Vulnerability

CVE-2025-0226 – Tsinghua Unigroup Electronic Archives System File Download Path Information Disclosure

CVE-2024-13129 – “Roxy-WI OS Command Injection Vulnerability”

CVE-2024-13129 – “Roxy-WI OS Command Injection Vulnerability”