Git · 3X-Ui · CVE-2025-29331
Name of the Vulnerable Software and Affected Versions:
3X-UI versions prior to 2.5.3
Description:
The issue allows a remote attacker to execute arbitrary code via the management script. This is possible because `x-ui` passes the `--no-check-certificate` option to `wget` when downloading updates, so certificates are not verified when menu updates are downloaded.
Recommendations:
For versions prior to 2.5.3, update to version 2.5.3 or later to resolve the issue. As a temporary workaround, consider disabling the automatic update feature in the management script until a patch is available. Restrict access to the `wget` command with the `--no-check-certificate` option to minimize the risk of exploitation. Avoid using the `x-ui` management script for downloading updates until the issue is resolved.
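One way to check an installed management script, or any other install script, for the pattern described above. This is an added example, not code from 3X-UI or from this advisory. The sample script, its URLs and its function names are constructed, and the `curl -k`/`--insecure` check goes beyond the `wget` case this advisory covers.

```shell
#!/usr/bin/env bash
# Added example: report wget/curl commands that skip TLS certificate checks.

# Constructed sample of an update routine; not taken from the x-ui script.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
# wget --no-check-certificate in a comment must not be reported
update_menu() {
    wget --no-check-certificate -O /tmp/tool.sh \
        https://updates.example.invalid/tool.sh
    chmod +x /tmp/tool.sh
}
install() {
    wget -N \
        --no-check-certificate https://updates.example.invalid/install.sh
    curl -fsSL https://updates.example.invalid/ok.sh -o ok.sh
    curl -k -o bad.sh https://updates.example.invalid/bad.sh
}
EOF
}

# Print "LINE:TOOL" for every command that disables certificate verification.
# LINE is the line on which the (possibly backslash-continued) command starts.
audit_insecure_downloads() {
    awk '
        { line = $0 }
        buf == "" { start = NR }                  # first line of a command
        /\\$/ { sub(/\\$/, "", line); buf = buf line " "; next }
        {
            cmd = buf line; buf = ""
            sub(/^[ \t]*#.*/, "", cmd)            # ignore full-line comments
            if (cmd ~ /(^|[^A-Za-z0-9_-])wget[ \t]/ &&
                cmd ~ /[ \t]--no-check-certificate([ \t=]|$)/)
                print start ":wget"
            if (cmd ~ /(^|[^A-Za-z0-9_-])curl[ \t]/ &&
                cmd ~ /[ \t](--insecure|-[A-Za-z]*k[A-Za-z]*)([ \t]|$)/)
                print start ":curl"
        }
    ' "$1"
}

# With a file argument, audit that file; otherwise audit the constructed sample.
main() {
    if [ "$#" -gt 0 ]; then audit_insecure_downloads "$1"; return; fi
    tmp=$(mktemp) && write_sample "$tmp" && audit_insecure_downloads "$tmp"
    rm -f "$tmp"
}
main "$@"
```

Pass the path of the script to audit as the first argument. Any reported line is a download whose content can be substituted by whoever controls the network path, so it should be fixed by removing the flag rather than suppressed.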