Caner Tercan

**Name of the Vulnerable Software and Affected Versions** reNgine version 2.2.0 **Description** The software contains a command injection issue in the `nmap cmd` parameter within the scan engine configuration. Authenticated attackers can execute arbitrary commands by modifying the `nmap cmd` parameter with malicious base64-encoded payloads during scan engine configuration. This allows for remote code execution. The vulnerable parameter is `nmap cmd`. **Recommendations** Versions prior to 2.2.0 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.