CVE-2024-3737 | cym1102 nginxWebUI up to 3.9.9 /adminPage/www/addOver findCountByQuery dir path traversal

Posted by Angelo Barbosa | Apr 12, 2024 | CVE

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal.

This vulnerability is handled as CVE-2024-3737. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-3737 | cym1102 nginxWebUI up to 3.9.9 /adminPage/www/addOver findCountByQuery dir path traversal

Related Posts

CVE-2024-8574 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /cgi-bin/cstecgi.cgi setParentalRules slaveIpList os command injection

CVE-2023-6956 | EasyAzon Plugin up to 5.1.0 on WordPress easyazon-cloaking-locale cross site scripting

CVE-2024-4744 | Avirtum iPages Flipbook Plugin up to 1.5.1 on WordPress authorization

CVE-2024-43167 | Unbound null pointer dereference