Submit #311216: cym1102 nginxWebUI <=3.9.9 Remote Code Executioninfo

Titlecym1102 nginxWebUI <=3.9.9 Remote Code Execution
Description nginxWebUI is a graphical tool for managing nginx configurations. It allows users to quickly configure various functionalities of nginx using a web interface, including HTTP protocol forwarding, TCP protocol forwarding, reverse proxy, load balancing, static HTML server, automatic application, renewal, and configuration of SSL certificates. Once configured, it can generate the nginx.conf file with a single click, and also control the startup and reloading of nginx using this file, providing a complete graphical control loop for managing nginx. In versions <=3.9.9, there are multiple ways to achieve remote code execution (RCE) in the backend. Three of these methods are bypasses from previous versions.
Source⚠️ https://github.com/cym1102/nginxWebUI/issues/138、https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf
User
 qqwp220 (UID 67158)
Submission04/05/2024 04:18 PM (8 months ago)
Moderation04/12/2024 09:33 PM (7 days later)
StatusAccepted
VulDB Entry260579 [cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/reload exec nginxExe deserialization]
Points20

Interested in the pricing of exploits?

See the underground prices here!