# CVE-2024-46256 & CVE-2024-46257 – PoC Simulation
## Overview
This repository contains a step-by-step, image-backed Proof of Concept (PoC) simulating two vulnerabilities in Nginx Proxy Manager that enable OS Command Injection, leading to Remote Code Execution (RCE) after authentication.
- Affected product: Nginx Proxy Manager
- Affected version: v2.11.3
- Impact: Authenticated RCE (observed with root privileges in PoC)
## Contents
- `POC.md`: Detailed write-up of the analysis and exploitation steps, including payloads and observations.
- `static/`: Screenshots referenced by `POC.md` in the order they appear.
## How to Use
1. Open `POC.md` to follow the simulation narrative.
2. Each section references images from `static/` to illustrate setup, code review, exploitation, and results.
## Notes and Disclaimer
- The PoC is for educational and defensive security research only.
- Do not use against systems you do not own or have explicit permission to test.
- Always update to patched versions and apply least-privilege principles.
## References
- Nginx Proxy Manager repository: https://github.com/NginxProxyManager/nginx-proxy-manager
- CVE-2024-46256
- CVE-2024-46257
```
[4.0K] /data/pocs/5d0abda2d4f8a27cd3230bf0662e794c06258a51
├── [5.8K] POC.md
├── [1.2K] README.md
└── [4.0K] static
    ├── [116K] 10.png
    ├── [163K] 1.png
    ├── [ 87K] 2.png
    ├── [ 49K] 3.png
    ├── [230K] 4.png
    ├── [267K] 5.png
    ├── [202K] 6.png
    ├── [104K] 7.png
    ├── [173K] 8.png
    └── [292K] 9.png

2 directories, 12 files
```