Summary: Remote Code Execution
Affected versions: *
Severity: 6.4

Z4nzu is a collection of pentest tools, presented in a terminal UI, that lets hackers work quickly across information gathering, web attacks, wireless hacking and much more. It is built using python3. However, it calls os.system() in various places with unsanitised input, which can lead to problems such as RCE. The tool is a single Python file and can be set up inside a website, giving access to the tool through a web UI that returns the tool's results. It also requires sudo permissions to run, so every command it runs is executed as root, which could lead to arbitrary code execution as root.
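
The os.system() pattern described above, next to a hardened form, as an added example that is not code from the tool itself. The tool name "scanner", the helper names and the sample input are constructed for illustration; a child Python process that prints its arguments stands in for the external tool.

```python
import ipaddress
import re
import shlex
import subprocess
import sys

# Hypothetical stand-in for an external tool: a child process that prints the
# arguments it received. "scanner" below is likewise a made-up tool name.
TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def vulnerable_command(target: str) -> str:
    """Pattern described above: input concatenated into an os.system() string."""
    return "scanner " + target


def shell_tokens(command: str) -> list:
    """Tokenise roughly as a POSIX shell would, keeping operators like ';'."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def validate_target(target: str) -> str:
    """Accept only an IP address or a plain hostname; reject everything else."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError("target is not an IP address or hostname")


def run_tool(target: str, validate: bool = True) -> str:
    """Argument-list form: no shell is involved, so the input stays one argument."""
    arg = validate_target(target) if validate else target
    done = subprocess.run(TOOL + [arg], capture_output=True, text=True,
                          check=True, timeout=10)
    return done.stdout.strip()


if __name__ == "__main__":
    sample = "10.0.0.1; echo INJECTED"  # constructed input
    print(shell_tokens(vulnerable_command(sample)))  # ';' appears as an operator
    print(run_tool(sample, validate=False))          # one literal argument
    print(run_tool("10.0.0.1"))
```

Validation and the argument-list form address the injection only; the root exposure described above is a separate matter of not running the whole tool under sudo.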