CVE-2024-3737

Name of the Vulnerable Software and Affected Versions cym1102 nginxWebUI versions up to 3.9.9

Description A critical issue affects the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. This issue can be exploited remotely.

Recommendations For versions up to 3.9.9, as a temporary workaround, consider disabling the findCountByQuery function until a patch is available. Restrict access to the /adminPage/www/addOver file to minimize the risk of exploitation. Avoid using the dir argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.