CVE-2024-23828
published 2024-01-29

Priority: P3, 54, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (60.1th percentile)
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12.

Affected

3 ranges
Vendor        Product             Version range            Fixed in
github.com    0xjacky_nginx-ui    >= 0 < 2.0.0-beta.12     2.0.0-beta.12
nginxui       nginx_ui            < 2.0.0                  2.0.0
nginxui       nginx_ui