|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Web applications / Modules and components for CMS
This security bulletin contains one high risk vulnerability.
CWE-77 - Command injection
Exploit availability: NoDescription
The vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation in the first argument of "_nginxCmd()" function. A remote attacker can execute arbitrary commands on the target system.Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
strong-nginx-controller: 1.0.0 - 1.0.2CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?