CVE-2024-58287

Name of the Vulnerable Software and Affected Versions reNgine version 2.2.0

Description The software contains a command injection issue in the nmap cmd parameter within the scan engine configuration. Authenticated attackers can execute arbitrary commands by modifying the nmap cmd parameter with malicious base64-encoded payloads during scan engine configuration. This allows for remote code execution. The vulnerable parameter is nmap cmd.

Recommendations Versions prior to 2.2.0 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.