CVE-2024-3739

Name of the Vulnerable Software and Affected Versions cym1102 nginxWebUI versions up to 3.9.9

Description A critical vulnerability was found in the cym1102 nginxWebUI, affecting unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely.

Recommendations For versions up to 3.9.9, as a temporary workaround, consider restricting access to the /adminPage/main/upload file until a patch is available. Avoid using the file argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.