A vulnerability, which was classified as critical, has been found in jc21 NGINX Proxy Manager up to 2.11.2. Affected by this issue is some unknown functionality of the file backend/internal/certificate.js of the component DNS Provider Configuration Handler. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2024-39935. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.