cym1102/nginxWebUI

cym1102/nginxWebUI

Releases52

Frequency3 weeks 1 day

Last Release 4 months ago

Stars2.61K

Nginx Web page configuration tool. Use web pages to quickly configure Nginx. Nginx网页管理工具，使用网页来快速配置与管理nginx单机与集群

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-2145 ↗	Feb 8, 2026Sunday, 8 February 2026, 09:15	3.5 LOW	4 MEDIUM
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2024-3740 ↗	Apr 13, 2024Saturday, 13 April 2024, 21:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.
CVE-2024-3739 ↗	Apr 13, 2024Saturday, 13 April 2024, 19:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability.
CVE-2024-3738 ↗	Apr 13, 2024Saturday, 13 April 2024, 18:15	7.3 HIGH	7.5 HIGH
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.
CVE-2024-3737 ↗	Apr 13, 2024Saturday, 13 April 2024, 17:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.
CVE-2024-3736 ↗	Apr 13, 2024Saturday, 13 April 2024, 14:15	4.3 MEDIUM	4 MEDIUM
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.