CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-46256
https://notcve.org/view.php?id=CVE-2024-46256
27 Sep 2024 — A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. • https://github.com/barttran2k/POC_CVE-2024-46256 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46257
https://notcve.org/view.php?id=CVE-2024-46257
27 Sep 2024 — A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. • https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/internal/certificate.js#L870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28379
https://notcve.org/view.php?id=CVE-2022-28379
03 Apr 2022 — jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. jc21.com Nginx Proxy Manager versiones anteriores a 2.9.17, permite una vulnerabilidad de tipo XSS durante la eliminación de elementos • https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1950 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •