📦 Nginx Ui

CVE-2024-49368 is a critical command injection vulnerability in Nginx UI that allows attackers to execute arbitrary commands on the server. This affects all Nginx UI installations prior to version 2.0...

CVE-2024-23827 is a critical path traversal vulnerability in Nginx-UI's Import Certificate feature that allows attackers to write arbitrary files to the system. This can lead to remote code execution ...

Nginx UI v2.0.0-beta.35 and earlier contains a path traversal vulnerability that allows attackers to write arbitrary files to the server by manipulating JSON input with '../../' sequences. This can le...

This vulnerability allows authenticated attackers to execute arbitrary commands on Nginx-UI servers via CRLF injection when modifying test_config_cmd or start_cmd parameters. It affects all Nginx-UI i...

CVE-2024-22196 is a SQL injection vulnerability in Nginx-UI where user-controlled 'order' and 'sort_by' query parameters are appended to SQL queries without sanitization. This allows attackers to exec...

This vulnerability in nginx-ui allows authenticated users to modify critical nginx configuration commands via API endpoints that should be restricted, potentially leading to remote code execution, pri...