CVE-2024-23828 | 0xJacky nginx-ui up to 2.0.0.beta.11 test_config_cmd/start_cmd crlf injection (GHSA-qcjq-7f7v-pvc8)

Posted by Angelo Barbosa | Jan 29, 2024 | CVE

A vulnerability, which was classified as very critical, was found in 0xJacky nginx-ui up to 2.0.0.beta.11. Affected is an unknown function. The manipulation of the argument test_config_cmd/start_cmd leads to crlf injection.

This vulnerability is traded as CVE-2024-23828. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-23828 | 0xJacky nginx-ui up to 2.0.0.beta.11 test_config_cmd/start_cmd crlf injection (GHSA-qcjq-7f7v-pvc8)

Related Posts

CVE-2022-40700 | AMP Toolbox Plugin on WordPress server-side request forgery

CVE-2024-7700 | Red Hat Satellite 6 Host Init Config Template Install Packages command injection

CVE-2024-46750 | Linux Kernel up to 6.10.9 drivers/pci/pci.c pci_bus_lock deadlock

CVE-2024-41475 | GNU Gnuboard 6.0.7 cross-domain policy