Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.10 views

CVE-2023-23596

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...

8.8CVSS7.8AI score0.15198EPSS
Exploits1References1
CVE
CVE
added 2023/01/20 12:0 a.m.83 views

CVE-2023-23596

CVE-2023-23596 affects jc21 NGINX Proxy Manager up to version 2.9.19. The issue arises when creating an access list: the backend builds an htpasswd file using crafted username/password inputs that are concatenated without validation and directly passed to an exec command, enabling potential OS co...

8.8CVSS9.3AI score0.15198EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/01/20 12:0 a.m.27 views

CVE-2023-23596

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...

9.5AI score0.15198EPSS
Exploits1References2
OSV
OSV
added 2023/01/20 12:0 a.m.12 views

CVE-2023-23596

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...

8.8CVSS8.2AI score0.15198EPSS
Exploits1References4
Rows per page
Query Builder