Remote Code Execution Vulnerability in NginxProxyManager 2.11.3
CVE-2024-46257

Currently unrated

Key Information:

Vendor: Nginx
Status: Nginx Proxy Manager
Vendor: CVE Published:; 27 September 2024

What is CVE-2024-46257?

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.

References

https://github.com/NginxProxyManager/nginx-proxy-manager/...

https://github.com/barttran2k/POC_CVE-2024-46256

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2024