Command Injection Vulnerability in NginxProxyManager Allows RCE
CVE-2024-46256

Currently unrated

Key Information:

Vendor

Nginx

Vendor
CVE Published:
27 September 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 22%

What is CVE-2024-46256?

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

.