nginxWebUI OS Command Injection Vulnerability

nginxWebUI is an nginx web configuration tool. An operating system command injection vulnerability exists in nginxWebUI, which stems from the file parameter of the /adminPage/main/upload file failing to properly filter constructed command special characters, commands, and so on. An attacker can...

PT-2024-27499 · Unknown · Cym1102 Nginxwebui

Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A vulnerability was found in the function upload of the file /adminPage/main/upload, which leads to unrestricted upload. The attack can be launched remotely. Recommendations: For versions u...

nginxWebUI 路径遍历漏洞

nginxWebUI is an nginx web configuration tool. A path traversal vulnerability exists in nginxWebUI, which stems from the failure of the dir parameter of the findCountByQuery method of the /adminPage/www/addOver file to correctly filter for special elements in the path of a resource or file. An...

PT-2024-27520 · Unknown · Cym1102 Nginxwebui

Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical issue has been found in the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated...