CVE-2024-58287

High CVSS: 8.7

reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration.

Vendor

Yogeshojha

Product

Rengine

CWE

CWE-78

Yayın Tarihi

2025-12-11 22:15:49

Güncelleme

2026-01-20 18:43:16

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Rengine HIGH Yogeshojha 2025

Referanslar

https://github.com/yogeshojha/rengine https://rengine.wiki/ https://www.exploit-db.com/exploits/52081 https://www.vulncheck.com/advisories/rengine-authenticated-command-injection-via-scan-engine-configuration

Benzer Kayıtlar

Medium

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. Whe…

Medium

CVE-2025-24966

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application imprope…

High

CVE-2025-24967

reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability…

High

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability al…

High

CVE-2025-24962

reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands v…

High

CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where…