138Cym1102

**Name of the Vulnerable Software and Affected Versions** cym1102 nginxWebUI versions up to 3.9.9 **Description** A vulnerability was found in the function `upload` of the file `/adminPage/main/upload`, which leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For versions up to 3.9.9, as a temporary workaround, consider disabling the `upload` function of the file `/adminPage/main/upload` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cym1102 nginxWebUI versions up to 3.9.9 **Description** A critical issue affects the function `findCountByQuery` of the file `/adminPage/www/addOver`. The manipulation of the argument `dir` leads to path traversal. This issue can be exploited remotely. **Recommendations** For versions up to 3.9.9, as a temporary workaround, consider disabling the `findCountByQuery` function until a patch is available. Restrict access to the `/adminPage/www/addOver` file to minimize the risk of exploitation. Avoid using the `dir` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cym1102 nginxWebUI versions up to 3.9.9 **Description** A critical vulnerability has been found in cym1102 nginxWebUI. This issue affects the `handlePath` function of the file `/adminPage/conf/saveCmd`. The manipulation of the `nginxPath` argument leads to improper certificate validation. It is possible to initiate the attack remotely. **Recommendations** For cym1102 nginxWebUI versions up to 3.9.9, consider disabling the `handlePath` function until a patch is available. Restrict access to the `/adminPage/conf/saveCmd` file to minimize the risk of exploitation. Avoid using the `nginxPath` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cym1102 nginxWebUI versions up to 3.9.9 **Description** A critical vulnerability was found in the cym1102 nginxWebUI, affecting unknown code of the file /adminPage/main/upload. The manipulation of the argument `file` leads to os command injection. The attack can be initiated remotely. **Recommendations** For versions up to 3.9.9, as a temporary workaround, consider restricting access to the /adminPage/main/upload file until a patch is available. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.