QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58287

Published: Dec 11, 2025

Modified: Mar 5, 2026

PUBLISHED

Description

reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration.

Vendor	Product	Versions
rengine	reNgine	affected `2.2.0`

Weaknesses (CWE)

References

ExploitDB-52081

exploit

Rengine Wiki Homepage

product

Rengine GitHub Repository

product

VulnCheck Advisory: reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.