CVE-2024-22198— Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22198
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nginx UI 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nginx UI是Jacky个人开发者的一个 Nginx 的 WebUI。 Nginx UI 2.0.0.beta.9之前版本存在命令注入漏洞,攻击者利用该漏洞可以通过修改 start_cmd设置来执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-22198
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Identify Nginx-ui version and check if it's vulnerable to CVE-2024-22198 | https://github.com/xiw1ll/CVE-2024-22198_Checker | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22198
请登录查看更多情报信息。
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2024-22198
Same Patch Batch · 0xJacky · 2024-01-11 · 3 CVEs total
| CVE-2024-22197 | 7.7 HIGH | Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-202 |
| CVE-2024-22196 | 7.0 HIGH | Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) |
IV. Related Vulnerabilities
Same product: nginx-ui
- CVE-2026-42238
Unauthenticated Remote Code Execution via Backup Restore in - CVE-2026-42223
nginx-ui: Settings API Exposes Protected Secrets - CVE-2026-42222
nginx-ui: Unauthenticated first-boot instance claim via POST - CVE-2026-42221
nginx-ui: Unauthenticated First-Run Installer Allows Remote - CVE-2026-42220
nginx-ui: Authenticated settings disclosure exposes node.sec
Same vendor: 0xJacky
- CVE-2026-42238
Unauthenticated Remote Code Execution via Backup Restore in - CVE-2026-42223
nginx-ui: Settings API Exposes Protected Secrets - CVE-2026-42222
nginx-ui: Unauthenticated first-boot instance claim via POST - CVE-2026-42221
nginx-ui: Unauthenticated First-Run Installer Allows Remote - CVE-2026-42220
nginx-ui: Authenticated settings disclosure exposes node.sec
Same weakness: CWE-77
- CVE-2026-8210
aandrew-me tgpt Update helper.go helper.Update command injec - CVE-2026-42258
net-imap: Command Injection via unvalidated Symbol inputs - CVE-2026-42453
Termix: Command injection in extractArchive/compressFiles vi - CVE-2026-42271
LiteLLM: Authenticated command execution via MCP stdio test - CVE-2026-41500
electerm has Command Injection Vulnerability via runMac func
V. Comments for CVE-2024-22198
No comments yet