Roxy Wi
Monthly
Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later.
Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later.