GHSA-4PVG-PRR3-9CXR Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

Product: nginx-ui Repository: 0xJacky/nginx-ui branch: dev Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection Affected Component: POST /api/restore --- 1. Vulnerability Summary nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...

CVE-2017-2890

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability...