Home

Description

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.

PUBLISHED Reserved 2024-09-11 | Published 2024-09-27 | Updated 2024-10-24 | Assigner mitre

References

github.com/...r/blob/v2.11.3/backend/internal/certificate.js

github.com/...ommit/99cce7e2b0da2978411cedd7cac5fffbe15bc466

github.com/barttran2k/POC_CVE-2024-46256

github.com/...mmits/c39d5433bcd13993def222bbb2b6988bbb810a05

cve.org (CVE-2024-46257)

nvd.nist.gov (CVE-2024-46257)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.