Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2024-22196
HistoryJan 11, 2024 - 8:15 p.m.

CVE-2024-22196

2024-01-1120:15:44
Google
osv.dev
3
nginx-ui
online statistics
server indicators
information disclosure
cve-2024-22196
patched
version 2.0.0.beta.9

0.0005 Low

EPSS

Percentile

17.7%

JSON

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thus, the order and sort_by query parameter are user-controlled and are being appended to the order variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.

Related

veracode 1
cvelist 1
cve 1
osv 1
gitlab 1
github 1
prion 1
veracode
veracode
SQL Injection
2024-01-12 07:04:55
cvelist
cvelist
CVE-2024-22196 Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
2024-01-11 19:24:07
cve
cve
CVE-2024-22196
2024-01-11 20:15:44
osv
osv
SQL injection in github.com/0xJacky/Nginx-UI
2024-01-17 19:07:03
gitlab
gitlab
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2024-01-11 00:00:00
github
github
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
2024-01-11 16:27:06
prion
prion
Design/Logic Flaw
2024-01-11 20:15:00

0.0005 Low

EPSS

Percentile

17.7%

JSON
Related for OSV:CVE-2024-22196
veracode1cvelist1cve1osv1gitlab1github1prion1