
4 matches found

Veracode
added 2024/01/12 7:4 a.m., 18 views

SQL Injection

Nginx-UI is vulnerable to SQL injection. The vulnerability is due to improper validation and sanitization of the `sortby` parameter within the `OrderAndPaginate` function. An attacker can exploit this issue by injecting malicious SQL queries via `sortby`, resulting in sensitive information disclosure...

CVSS 7 | AI score 7.3 | EPSS 0.00675
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2024/01/11 7:24 p.m., 11 views

CVE-2024-22196 Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Nginx-UI is an online statistics for Server Indicators: Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

CVSS 7 | AI score 6.8 | EPSS 0.00675
Exploits 1 | References 2
Github Security Blog
added 2024/01/11 4:27 p.m., 54 views

Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Summary: The `OrderAndPaginate` function is used to order and paginate data. It is defined as follows:

```go
func OrderAndPaginate(c *gin.Context) func(db *gorm.DB) *gorm.DB {
	return func(db *gorm.DB) *gorm.DB {
		sort := c.DefaultQuery("order", "desc")
		order := fmt.Sprintf("%s %s", DefaultQuery(c, "sortby", "id"), sort)
		db ...
```

CVSS 7 | AI score 7.2 | EPSS 0.00675
Exploits 1 | References 7 | Affected Software 1
CNNVD
added 2024/01/11 12:0 a.m., 2 views

Nginx-UI SQL Injection Vulnerability

Nginx UI is a WebUI for Nginx by the individual developer Jacky. Nginx UI versions prior to 2.0.0.beta.9 have a SQL injection vulnerability that can be exploited by an attacker to perform SQL injection via the OrderAndPaginate parameter...

CVSS 7 | AI score 8 | EPSS 0.00675
Exploits 1 | References 3