Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/04 11:42 p.m.6 views

CVE-2024-22196

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

7CVSS6.5AI score0.00584EPSS
Exploits1References1
CVE
CVE
added 2024/01/11 7:24 p.m.79 views

CVE-2024-22196

CVE-2024-22196 affects nginx-ui (Go) where OrderAndPaginate uses user-controlled query parameters (order and sort_by via DefaultQuery) to build SQL order clauses, enabling SQL injection via crafted requests. Multiple connected sources confirm the vulnerability is exploitable through the GET /api/...

7CVSS6.2AI score0.00584EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/11 7:24 p.m.33 views

CVE-2024-22196 Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

7CVSS6.8AI score0.00584EPSS
Exploits1References2
OSV
OSV
added 2024/01/11 7:24 p.m.25 views

CVE-2024-22196 Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

7CVSS6.3AI score0.00584EPSS
Exploits1References4
Rows per page
Query Builder