| Title | cym1102 nginxWebUI <=3.9.9 Remote Code Execution |
|---|
| Description | nginxWebUI is a graphical tool for managing nginx configurations. It allows users to quickly configure various functionalities of nginx using a web interface, including HTTP protocol forwarding, TCP protocol forwarding, reverse proxy, load balancing, static HTML server, automatic application, renewal, and configuration of SSL certificates. Once configured, it can generate the nginx.conf file with a single click, and also control the startup and reloading of nginx using this file, providing a complete graphical control loop for managing nginx.
In versions <=3.9.9, there are multiple ways to achieve remote code execution (RCE) in the backend. Three of these methods are bypasses from previous versions. |
|---|
| Source | ⚠️ https://github.com/cym1102/nginxWebUI/issues/138、https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf |
|---|
| User | qqwp220 (ID 67158) |
|---|
| Submission | 2024-04-05 16:18 (1 month ago) |
|---|
| Moderation | 2024-04-12 21:33 (7 days later) |
|---|
| Status | Przyjęty |
|---|
| VulDB Entry | 260579 |
|---|