Products
NGINX Proxy Manager
- before 2.11.3
Source
cve@mitre.org
Tags
CVE-2024-39935 details
Published : July 4, 2024, 9:15 p.m.
Last Modified : July 4, 2024, 9:15 p.m.
Last Modified : July 4, 2024, 9:15 p.m.
Description
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
This website uses the NVD API, but is not approved or certified by it.