0xjacky Nginx Ui

8 matches found

added 2024/10/21 5:15 p.m. | 259 views

CVE-2024-49368

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.

CVSS 9.8 | AI score 9.7 | EPSS 0.44499

added 2024/01/11 8:15 p.m. | 98 views

CVE-2024-22198

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home > Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn...

CVSS 8.8 | AI score 8.6 | EPSS 0.26031

added 2024/10/21 5:15 p.m. | 80 views

CVE-2024-49367

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue.

CVSS 7.5 | AI score 7.5 | EPSS 0.00069

added 2024/01/11 6:15 p.m. | 76 views

CVE-2024-22197

Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The Home > Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes test_config_cm...

CVSS 8.8 | AI score 8.7 | EPSS 0.04239

added 2024/01/29 5:15 p.m. | 58 views

CVE-2024-23828

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulner...

CVSS 8.8 | AI score 8.6 | EPSS 0.26031

added 2024/01/11 8:15 p.m. | 55 views

CVE-2024-22196

Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thus,...

CVSS 7 | AI score 6.2 | EPSS 0.00675

added 2024/01/29 4:15 p.m. | 50 views

CVE-2024-23827

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certificate/key and allows writing to arbitrary paths in the system. It's possible to leverage the vulne...

CVSS 9.8 | AI score 9.7 | EPSS 0.02965

added 2024/10/21 5:15 p.m. | 35 views

CVE-2024-49366

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions. Versi...

CVSS 8.7 | AI score 7.5 | EPSS 0.00254