229 matches found
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Summary Fix bypass to the following bugs - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35 Allowing to inject directly in the app.ini via CRLF to change the value of testconfigcmd and startcm...
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...
GHSA-XVQ9-4VPV-227M Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...
CVE-2024-23828
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
Design/Logic Flaw
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23828
Summary: CVE-2024-23828 affects Nginx-UI, a web interface for Nginx configuration. An authenticated attacker can achieve arbitrary command execution by abusing CRLF in configuration fields (test_config_cmd or start_cmd), due to an incomplete fix for CVE-2024-22197/22198. The issue is capped at hi...
CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23827
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Remote code execution
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827
Summary of CVE-2024-23827 (Nginx-UI) Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Nginx UI Injection Vulnerability
Nginx UI is a WebUI for Nginx by Jacky's personal developer. An injection vulnerability exists in versions of Nginx UI prior to 2.0.0.beta.12, which stems from the vulnerability to arbitrary command execution attacks when changing the value of testconfigcmd or startcmd...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
The vulnerability of the Nginx UI server’s user interface allows attackers to cause service failures, increase their privileges, and expose sensitive information.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability can allow a remote attacker to cause service failures, increase their privileges, and expose sensitive information through a...
The vulnerability of the Nginx UI server’s user interface allows a hacker to execute arbitrary commands.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by modifying the startcmd parameter...