CVE-2024-46256 | NginxProxyManager 2.11.3 Add Lets Encrypt Certificate requestLetsEncryptSsl command injection

Posted by Angelo Barbosa | Sep 27, 2024 | CVE

A vulnerability classified as critical has been found in NginxProxyManager 2.11.3. Affected is the function requestLetsEncryptSsl of the component Add Lets Encrypt Certificate. The manipulation leads to command injection.

This vulnerability is traded as CVE-2024-46256. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-46256 | NginxProxyManager 2.11.3 Add Lets Encrypt Certificate requestLetsEncryptSsl command injection

Related Posts

CVE-2024-31852 | LLVM up to 18.1.2 LR Register stack-based overflow (Issue 80287)

CVE-2024-3690 | PHPGurukul Small CRM 3.0 Change Password sql injection

CVE-2023-51415 | GiveWP Donation Plugin and Fundraising Platform Plugin up to 3.2.2 on WordPress cross site scripting

CVE-2024-6743 | AguardNet Space Management System prior 2024-04-09-3302 sql injection