CVE-2024-39935 | jc21 NGINX Proxy Manager up to 2.11.2 DNS Provider Configuration certificate.js os command injection (99cce7e2b0da2978411cedd7cac5fffbe15bc46)

Inserito da Angelo Barbosa | Lug 4, 2024 | CVE

A vulnerability, which was classified as critical, has been found in jc21 NGINX Proxy Manager up to 2.11.2. Affected by this issue is some unknown functionality of the file backend/internal/certificate.js of the component DNS Provider Configuration Handler. The manipulation leads to os command injection.

This vulnerability is handled as CVE-2024-39935. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39935 | jc21 NGINX Proxy Manager up to 2.11.2 DNS Provider Configuration certificate.js os command injection (99cce7e2b0da2978411cedd7cac5fffbe15bc46)

Post correlati

CVE-2024-29039 | tpm2-tools pcr Selection Value tpm2_checkquote.c comparison

CVE-2024-25865 | hexo-theme-anzhiyu 1.6.12 Algolia Search cross site scripting (Issue 200)

CVE-2024-32882 | wagtail up to 6.0.2 Model Edit wagtail.contrib.settings/ModelViewSet permission

CVE-2024-7443 | Vivotek IB8367A VVTK-0100b upload_file.cgi getenv QUERY_STRING command injection