A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
The vulnerability (CWE-77) is located in the requestLetsEncryptSsl function in the backend/internal/certificate.js file. An attacker can inject malicious system commands through the Let's Encrypt certificate addition function without requiring any permissions. Unvalidated input data is passed directly to the system command interpreter, resulting in its execution in the server context.
An unauthenticated attacker can remotely execute arbitrary commands on the server (RCE), which in practice means the ability to gain full control of the system, data exfiltration, installation of malicious software, or disruption of services.
Patches available from the vendor must be applied according to the references β the fix was introduced in commit 99cce7e2b0da2978411cedd7cac5fffbe15bc466 in the project repository on GitHub. An immediate update to a version containing this patch is recommended.
Nginx Proxy Manager version 2.11.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJc21 nginx Proxy Manager
APPJc212.11.3
Related vulnerabilities
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to ...
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authe...
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend...
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, p...
A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows ...