Command Injection Vulnerability in NginxProxyManager Allows RCE
CVE-2024-46256
Currently unrated
Key Information:
- Vendor
Nginx
- Vendor
- CVE Published:
- 27 September 2024
Badges
👾 Exploit Exists🟡 Public PoC🟣 EPSS 22%
What is CVE-2024-46256?
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.