Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

在命令中使用的特殊元素转义处理不恰当(命令注入)

Nginx UI 命令注入漏洞

Nginx UI是Jacky个人开发者的一个 Nginx 的 WebUI。 Nginx UI 2.0.0.beta.9之前版本存在命令注入漏洞，攻击者利用该漏洞可以通过修改 start_cmd设置来执行任意命令。

N/A

N/A