Main
Vulnerability Database
Exploits
ID:12616 - Exploit for Command Injection in nginx-ui - CVE-2024-22198
ID:12616 - Exploit for Command Injection in nginx-ui - CVE-2024-22198
Published: April 21, 2026
Vulnerability identifier: #VU126639
Vulnerability risk: Medium
CVE-ID: CVE-2024-22198
CWE-ID: CWE-77
Exploitation vector: Remote access
Vulnerable software:
nginx-ui
nginx-ui
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to insufficient input validation. A remote user can modify "start_cmd" setting and execute arbitrary commands.
Remediation
Install updates from vendor's website.