A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function
findCountByQuery
of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal.
This vulnerability is handled as CVE-2024-3737. The attack may be launched remotely. Furthermore, there is an exploit available.