Vulnerability Details CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.3%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/LinuxProgramDevelop/NginxProxyManagerCommandInjectVulnInfo/blob/main/Nginx_proxy_manager_Command_Inject_vulnerability.pdf
- https://github.com/NginxProxyManager/nginx-proxy-manager
- https://github.com/LinuxProgramDevelop/NginxProxyManagerCommandInjectVulnInfo/blob/main/Nginx_proxy_manager_Command_Inject_vulnerability.pdf
- https://github.com/NginxProxyManager/nginx-proxy-manager
Products affected by CVE-2023-27224
-
cpe:2.3:a:jc21:nginx_proxy_manager:2.9.19