VYPR

roxy-wi

by Hap Wi

CVEs (6)

  • CVE-2022-31126CriJul 6, 2022
    risk 0.64cvss 10.0epss 0.50

    Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi…

  • CVE-2021-38167CriAug 7, 2021
    risk 0.64cvss 9.8epss 0.01

    Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.

  • CVE-2022-31161CriJul 15, 2022
    risk 0.63cvss 10.0epss 0.20

    Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0…

  • CVE-2021-38169HigAug 7, 2021
    risk 0.57cvss 8.8epss 0.02

    Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.

  • CVE-2021-38168HigAug 7, 2021
    risk 0.57cvss 8.8epss 0.01

    Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.

  • CVE-2023-29004MedApr 17, 2023
    risk 0.42cvss 6.5epss 0.01

    hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to…