6 matches found
CVE-2024-3738
CVE-2024-3738 affects cym1102 nginxWebUI up to version 3.9.9. The vulnerability lies in the handlePath function of /adminPage/conf/saveCmd, where manipulating the nginxPath argument leads to improper certificate validation. The issue enables remote exploitation and the exploit has been disclosed ...
CVE-2024-3740
The CVE-2024-3740 entry affects cym1102 nginxWebUI up to version 3.9.9. The issue resides in the exec function of /adminPage/conf/reload, where deserialization is triggered by manipulating the nginxExe argument, enabling potential remote code execution. The vulnerability details are supported by ...
CVE-2024-3739
The CVE-2024-3739 entry concerns cym1102 nginxWebUI up to 3.9.9. Affects unknown code in /adminPage/main/upload; manipulating the file parameter triggers OS command injection. Exploitation is remote and the vulnerability has been publicly disclosed. Multiple sources (NVD/NVD-derived, Red Hat, CNV...
CVE-2024-3736
CVE-2024-3736 affects cym1102 nginxWebUI up to version 3.9.9. The vulnerability resides in the upload function of /adminPage/main/upload, enabling unrestricted file upload. This can be exploited remotely and the exploit has been disclosed publicly. Impact is high on availability (per CVSS) with n...
CVE-2024-3737
CVE-2024-3737 affects cym1102 nginxWebUI up to 3.9.9. The vulnerability is a path traversal in the function findCountByQuery in /adminPage/www/addOver, triggered by manipulation of the dir argument. The issue can be exploited remotely and had publicly disclosed exploits. Affected versions: up to ...
CVE-2026-2145
CVE-2026-2145 affects cym1102 nginxWebUI up to version 4.3.7. The vulnerability lies in an unknown function handling the nginxDir argument in the /adminPage/conf/check component of the Web Management Interface, enabling remote cross-site scripting (XSS). Public exploits exist. Proof-of-concept ex...