6 matches found
CVE-2024-39935
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...
The vulnerability in the backend/script code of the proxy manager for NGINX Proxy Manager allows a perpetrator to execute arbitrary commands.
The vulnerability in the backend/script of the NGINX Proxy Manager for hosting management exists because measures to neutralize specific elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
CVE-2024-39935
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...
CVE-2024-39935
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...
CVE-2024-39935
CVE-2024-39935 affects jc21 NGINX Proxy Manager before 2.11.3. The vulnerability enables an authenticated user with certificate-management privileges to execute OS commands via untrusted input to the DNS provider configuration in the backend/internal/certificate.js, with potential for full impact...
PT-2024-4599 · Nginx · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: NGINX Proxy Manager versions prior to 2.11.3 Description: The issue allows an authenticated user with certificate management privileges to inject OS commands through untrusted input in the DNS provider configuration, potentially enabling remo...