Create nginxWebUI_runCmd_file_remote_comand_execution_vulnerability.md

add nginxWebUI runCmd file remote command execution vulnerability
2025-05-05 10:16:59 +00:00 · 2023-05-23 15:36:26 +08:00 · 2023-05-23 15:36:26 +08:00 · 741e204c03
commit 741e204c03
parent 432fbfeec8
1 changed files with 12 additions and 0 deletions
--- a/nginxWebUI_runCmd_file_remote_comand_execution_vulnerability.md
+++ b/nginxWebUI_runCmd_file_remote_comand_execution_vulnerability.md
@ -0,0 +1,12 @@
+## nginxWebUI runCmd file remote command execution vulnerability
+
+|   **Vulnerability**  | **nginxWebUI runCmd file remote command execution vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | nginxWebUI runCmd 文件命令执行漏洞 |
+| **CVSS core**  | 9.2 |
+| **FOFA Query**  (click to view the results directly)| [title=\"nginxWebUI\" && body=\"refreshCode('codeImg')\"](https://en.fofa.info/result?qbase64=dGl0bGU9Im5naW54V2ViVUkiICYmIGJvZHk9InJlZnJlc2hDb2RlKCdjb2RlSW1nJyki) |
+| **Number of assets affected**  | 5856 |
+| **Description**  | NginxWebUI is a tool for graphical management of nginx configuration. You can use web pages to quickly configure various functions of nginx, including http protocol forwarding, tcp protocol forwarding, reverse proxy, load balancing, static html server, automatic application, renewal and configuration of ssl certificates. After configuration, you can create nginx. conf file, and control nginx to use this file to start and reload, completing the graphical control loop of nginx. Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
+| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
+
+![](https://s3.bmp.ovh/imgs/2023/05/23/a77433ad12687464.gif)