PT-2022-20576 · Haproxy+3 · Haproxy+3

Aidaho12 +1 · Published 2022-07-15 · Updated 2025-05-26 · CVE-2022-31161

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Roxy-WI versions prior to 6.1.1.0

Description

Roxy-WI is a web interface for managing HAProxy, Nginx, and Keepalived servers. System commands can be run remotely because the /app/options.py file passes input received from the user to the subprocess execute function without processing it.

Recommendations

For versions prior to 6.1.1.0, update to version 6.1.1.0 to resolve the issue. As a temporary workaround, consider disabling the subprocess execute function until a patch is available. Restrict access to the /app/options.py file to minimize the risk of exploitation.

Exploit · Fix

RCE · Unrestricted File Upload · Code Injection · Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-31161
GHSA-PG3W-8P63-X483

Affected Products

Haproxy
Keepalived
Nginx
Roxy-Wi