Lucene search
K

5 matches found

NVD
NVD
added 2024/10/21 5:15 p.m.15 views

CVE-2024-49368

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...

9.8CVSS0.23491EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/21 4:24 p.m.19 views

CVE-2024-49367 Nginx UI's log path can be controlled

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...

6.9CVSS6.4AI score0.0063EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/21 4:24 p.m.37 views

CVE-2024-49367 Nginx UI's log path can be controlled

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...

6.9CVSS0.0063EPSS
Exploits0References2
OSV
OSV
added 2024/10/21 4:24 p.m.19 views

CVE-2024-49367 Nginx UI's log path can be controlled

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...

6.9CVSS6.7AI score0.0063EPSS
Exploits0References4
CVE
CVE
added 2024/10/21 4:24 p.m.98 views

CVE-2024-49367

CVE-2024-49367 affects Nginx UI prior to version 2.0.0-beta.36. The issue is a controllable log path that, when combined with directory traversal at the /api/configs endpoint, allows reading directories and file contents on the server. A fixed version is 2.0.0-beta.36. Connected sources confirm t...

7.5CVSS7.5AI score0.0063EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder