Improper input validation in 0xjacky Nginx-ui

CVE-2024-49368

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Versio…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.522 (98.0th percentile)

Frequently asked questions

What is CVE-2024-49368?
CVE-2024-49368 is a vulnerability in 0xjacky Nginx-ui, classified under Improper Input Validation. Published 2024-10-21.

Is CVE-2024-49368 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.