Command Injection Vulnerability in NginxProxyManager Allows RCE

CVE-2024-46256

Currently unrated 🤨

Key Information

Vendor
Nginx
Vendor
CVE Published:
27 September 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

POC_CVE-2024-46256
Created by barttran2k

Refferences

https://github.com/NginxProxyManager/nginx-proxy-manager/...
https://github.com/NginxProxyManager/nginx-proxy-manager/...
https://github.com/barttran2k/POC_CVE-2024-46256

Timeline

  • Vulnerability published

  • 🔴

    Public PoC available

  • 👾

    Exploit known to exist

Collectors

NVD Database1 Proof of Concept(s)
.