Vulnerability CVE-2024-46256
Published: 2024-09-27

Description:
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

 References:
https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/internal/certificate.js#L830
https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978411cedd7cac5fffbe15bc466
https://github.com/barttran2k/POC_CVE-2024-46256
Copyright 2024, cxsecurity.com

 

Back to Top