Roxy-Wi: >> Roxy-Wi Security Vulnerabilities
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
10.0
EPSS Score
0.899
Published
2022-07-06
Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-08-07
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-08-07
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.
CVSS Score
8.8
EPSS Score
0.04
Published
2021-08-07
Page 2