VYPR
Unrated severityNVD Advisory· Published Jul 15, 2022· Updated Apr 23, 2025

Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload

CVE-2022-31161

Description

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Roxy Wi/Roxy Willm-fuzzy
    Range: <6.1.1.0
  • hap-wi/roxy-wiv5
    Range: < 6.1.1.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.