
229 matches found

OSV
added 2024/01/11 4:32 p.m. · 5 views

GHSA-8R25-68WM-JW35 Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Summary: Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. Details: The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. The...

CVSS 7.1 · AI score 6.3 · EPSS 0.16014
Exploits 2 · References 9
CNNVD
added 2024/01/11 12:0 a.m. · 5 views

Nginx UI Command Injection Vulnerability

Nginx UI is a WebUI for Nginx by Jacky Personal Developer. A command injection vulnerability exists in Nginx UI versions prior to 2.0.0.beta.9, which can be exploited by an attacker to execute arbitrary commands by modifying the startcmd setting...

CVSS 8.8 · AI score 8.1 · EPSS 0.16014
Exploits 2 · References 8
CNNVD
added 2024/01/11 12:0 a.m. · 2 views

Nginx-UI SQL Injection Vulnerability

Nginx UI is a WebUI for Nginx by Jacky personal developer. Nginx UI versions prior to 2.0.0.beta.9 have a SQL injection vulnerability that can be exploited by an attacker to perform SQL injection via the OrderAndPaginate parameter...

CVSS 7 · AI score 8 · EPSS 0.00675
Exploits 1 · References 3
GitLab Advisory Database
added 2024/01/11 12:0 a.m. · 20 views

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd,...

CVSS 8.8 · AI score 8.7 · EPSS 0.03099
Exploits 1 · References 7 · Affected Software 1
GitLab Advisory Database
added 2024/01/11 12:0 a.m. · 30 views

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI does not...

CVSS 8.8 · AI score 8.6 · EPSS 0.16014
Exploits 2 · References 9 · Affected Software 1
GitLab Advisory Database
added 2024/01/11 12:0 a.m. · 21 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

CVSS 7 · AI score 6.2 · EPSS 0.00675
Exploits 1 · References 7 · Affected Software 1
Positive Technologies
added 2023/12/19 12:0 a.m. · 2 views

PT-2023-8393 · Nginx-Ui · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx-ui versions prior to 2.0.0.beta.9
Description: The issue is related to the Nginx UI server, where the API exposes certain settings such as test config cmd, reload cmd, and restart cmd, which can be modified by sending a request to the...

CVSS 9 · AI score 8.6 · EPSS 0.03099
Exploits 1 · References 11
Positive Technologies
added 2023/12/19 12:0 a.m. · 7 views

PT-2023-8394 · Nginx-Ui · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx-UI versions prior to 2.0.0.beta.9
Description: The issue concerns arbitrary command execution by abusing configuration settings in Nginx-UI, a web interface for managing Nginx configurations. The Home Preference page exposes system...

CVSS 9 · AI score 8.8 · EPSS 0.16014
Exploits 2 · References 15
Positive Technologies
added 2023/12/19 12:0 a.m. · 2 views

PT-2023-8392 · Nginx-Ui · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx-UI versions prior to 2.0.0.beta.9
Description: The issue is related to a lack of protection against SQL query structure exploitation in the Nginx UI server. This may allow a remote attacker to gain unauthorized access to protected...

CVSS 7 · AI score 6.7 · EPSS 0.00675
Exploits 1 · References 9