Nginx Proxy Manager Security Vulnerabilities and Issues — Nginx Proxy Manager CVE List

Lucene search

Jc21Nginx Proxy Manager

6 matches found

CVE•added 2019/08/23 3:15 p.m.•66 views

CVE-2019-15517

jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.

5.5CVSS5.5AI score0.00172EPSS

CVE•added 2024/09/27 6:15 p.m.•65 views

CVE-2024-46257

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.

6.3CVSS8.1AI score0.00409EPSS

CVE•added 2024/09/27 6:15 p.m.•62 views

CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

9.8CVSS7.1AI score0.4165EPSS

CVE•added 2023/01/20 8:15 a.m.•61 views

CVE-2023-23596

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authent...

8.8CVSS9.3AI score0.01374EPSS

CVE•added 2023/03/22 8:15 p.m.•60 views

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.

9.8CVSS9.5AI score0.00165EPSS

CVE•added 2024/07/04 9:15 p.m.•55 views

CVE-2024-39935

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.

8.8CVSS7.4AI score0.01386EPSS