4 matches found
CVE-2024-22196
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...
CVE-2024-22196
CVE-2024-22196 affects nginx-ui (Go) where OrderAndPaginate uses user-controlled query parameters (order and sort_by via DefaultQuery) to build SQL order clauses, enabling SQL injection via crafted requests. Multiple connected sources confirm the vulnerability is exploitable through the GET /api/...
CVE-2024-22196 Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...
CVE-2024-22196 Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...