CVE-2024-23828 | 0xJacky nginx-ui up to 2.0.0.beta.11 test_config_cmd/start_cmd crlf injection (GHSA-qcjq-7f7v-pvc8)

Posted by Angelo Barbosa | Jan 29, 2024 | CVE

A vulnerability, which was classified as very critical, was found in 0xJacky nginx-ui up to 2.0.0.beta.11. Affected is an unknown function. The manipulation of the argument test_config_cmd/start_cmd leads to crlf injection.

This vulnerability is traded as CVE-2024-23828. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-23828 | 0xJacky nginx-ui up to 2.0.0.beta.11 test_config_cmd/start_cmd crlf injection (GHSA-qcjq-7f7v-pvc8)

Related Posts

CVE-2022-49040 | Synology Drive Client prior 3.5.0-16084 Connection Management buffer overflow (SA_24_10)

CVE-2024-35760 | WP Job Portal Plugin up to 2.1.3 on WordPress cross site scripting

CVE-2024-30572 | Netgear R6850 1.1.0.88 ntp_server command injection

CVE-2024-5619 | PruvaSoft Informatics Apinizer Management Console prior 2024.05.1 authorization