0Xjacky

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.0.0-beta.36 Description: The issue is related to the Nginx UI's configuration of logrotate, where it does not verify input and directly passes it to exec.Command, causing arbitrary command execution. This allows a remote attacker to execute arbitrary commands. Recommendations: For versions prior to 2.0.0-beta.36, update to version 2.0.0-beta.36 to secure your Nginx web server. As a temporary workaround, consider restricting access to the logrotate configuration to minimize the risk of exploitation.