CVE-2024-46256

Name of the Vulnerable Software and Affected Versions NginxProxyManager version 2.11.3

Description A command injection issue exists in the requestLetsEncryptSsl function of NginxProxyManager. This allows a remote attacker to execute arbitrary commands by adding a specially crafted Let's Encrypt certificate. The issue is related to insufficient data sanitization on the management level. Exploitation can lead to Remote Code Execution (RCE).

Recommendations NginxProxyManager version 2.11.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.