Input validation error in nginx-ui - CVE-2024-23827


Published: January 28, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127233
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23827
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: nginx-ui
Software vendor: Nginx UI

Description

The vulnerability allows a remote user to write arbitrary files on the system.

The vulnerability exists due to improper input validation in the Import Certificate feature when handling crafted API requests. A remote user can supply arbitrary file paths and file content to write arbitrary files on the system.

Exploitation may allow code execution if the written files are later used by the application after a restart.
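
The kind of validation whose absence is described above, for a handler that accepts a file path and file content from an API request, as an added example. This is not nginx-ui's code or the vendor's fix, and `certDir`, `safeCertPath` and `normalizePEM` are hypothetical names chosen for illustration.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// certDir is a hypothetical directory reserved for imported certificates.
const certDir = "/etc/nginx/ssl"

// Only these PEM block types are accepted as certificate or key material.
var allowedPEMTypes = map[string]bool{"CERTIFICATE": true, "PRIVATE KEY": true,
	"RSA PRIVATE KEY": true, "EC PRIVATE KEY": true}

// safeCertPath joins a client-supplied path onto certDir and rejects absolute
// paths and ".." traversal. The check is lexical; symlinks are not resolved.
func safeCertPath(userPath string) (string, error) {
	if userPath == "" || filepath.IsAbs(userPath) {
		return "", errors.New("path must be relative to the certificate directory")
	}
	full := filepath.Join(certDir, userPath) // Join also cleans ".." segments
	rel, err := filepath.Rel(certDir, full)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("path escapes the certificate directory")
	}
	return full, nil
}

// normalizePEM keeps only allowed PEM blocks and re-encodes them, so text
// around the blocks never reaches the file that gets written.
func normalizePEM(content []byte) ([]byte, error) {
	var out []byte
	for block, rest := pem.Decode(content); block != nil; block, rest = pem.Decode(rest) {
		if !allowedPEMTypes[block.Type] {
			return nil, fmt.Errorf("PEM block type %q is not allowed", block.Type)
		}
		out = append(out, pem.EncodeToMemory(block)...)
	}
	if out == nil {
		return nil, errors.New("no PEM data found")
	}
	return out, nil
}

func main() { fmt.Println(safeCertPath("../nginx.conf")) } // constructed input
```

Writing only the output of `normalizePEM` to the path returned by `safeCertPath` means neither the location nor the bytes on disk are taken verbatim from the request.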


Remediation

Install the security update from the vendor's website.
