Command Injection Vulnerability in NginxProxyManager Allows RCE
CVE-2024-46256

Currently unrated

Key Information:

Vendor: Nginx
Vendor: CVE Published:; 27 September 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 22%

What is CVE-2024-46256?

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

POC_CVE-2024-46256
Created by barttran2k

References

https://github.com/NginxProxyManager/nginx-proxy-manager/...

https://github.com/barttran2k/POC_CVE-2024-46256

EPSS Score

22% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2024
🟡
Public PoC available
Sep 19, 2024
👾
Exploit known to exist
Sep 19, 2024