Input validation error in nginx-ui - CVE-2024-23827

 


Published: January 28, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127233
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23827
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Nginx UI
Affected software:
nginx-ui

Detailed vulnerability description

The vulnerability allows a remote user to write arbitrary files on the system.

The vulnerability exists due to improper input validation in the Import Certificate feature when handling crafted API requests. A remote user can supply arbitrary file paths and file content to write arbitrary files on the system.

Exploitation may allow code execution if the written files are later used by the application after a restart.
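The kind of server-side check the description says was missing, as an added example (not nginx-ui's code or its actual fix): confine the requested destination to a certificate directory and require the content to parse as a PEM certificate before anything is written. The function names and the `/etc/nginx/ssl` directory are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"path/filepath"
	"strings"
	"time"
)

// validateCertImport (hypothetical helper) returns the cleaned destination path,
// or an error when the path leaves baseDir or the content is not a parseable PEM
// certificate. The check is lexical; resolve symlinks separately if needed.
func validateCertImport(baseDir, reqPath string, content []byte) (string, error) {
	full := reqPath
	if !filepath.IsAbs(full) {
		full = filepath.Join(baseDir, full)
	}
	rel, err := filepath.Rel(baseDir, filepath.Clean(full))
	up := ".." + string(filepath.Separator)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, up) {
		return "", fmt.Errorf("path %q is outside %q", reqPath, baseDir)
	}
	block, _ := pem.Decode(content)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", errors.New("content is not a PEM certificate")
	}
	if _, err := x509.ParseCertificate(block.Bytes); err != nil {
		return "", fmt.Errorf("invalid certificate: %w", err)
	}
	return filepath.Join(baseDir, rel), nil
}

// sampleCertPEM builds a throwaway self-signed certificate (constructed input).
func sampleCertPEM() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	base := "/etc/nginx/ssl" // assumed certificate directory
	for _, p := range []string{"site/cert.pem", "../outside.pem", "/tmp/outside.pem"} {
		_, err := validateCertImport(base, p, sampleCertPEM())
		fmt.Printf("%-18s rejected=%v\n", p, err != nil)
	}
}
```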


How to mitigate CVE-2024-23827

Install the security update from the vendor's website.
