CVE-2024-39935
published 2024-07-04CVE-2024-39935: jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management…
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.88%
54.6th percentile
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jc21 | nginx_proxy_manager | < 2.11.3 | 2.11.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978411cedd7cac5fffbe15bc46https://github.com/NginxProxyManager/nginx-proxy-manager/compare/v2.11.2...v2.11.3https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3662https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978411cedd7cac5fffbe15bc46https://github.com/NginxProxyManager/nginx-proxy-manager/compare/v2.11.2...v2.11.3https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3662
2024-07-04
Published