Command Injection Vulnerability in NginxProxyManager Allows RCE
CVE-2024-46256

Currently unrated

Key Information:

Vendor

Nginx

Status
Nginx Proxy Manager
Vendor
CVE Published:
27 September 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 63%

What is CVE-2024-46256?

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

POC_CVE-2024-46256
Created by barttran2k

References

https://github.com/NginxProxyManager/nginx-proxy-manager/...
https://github.com/NginxProxyManager/nginx-proxy-manager/...
https://github.com/barttran2k/POC_CVE-2024-46256

EPSS Score

63% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

JSON
.