Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-22198 PoC — Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Source
https://github.com/xiw1ll/CVE-2024-22198_Checker
Associated Vulnerability
Title:Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) (CVE-2024-22198)
Description:Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.
Description
Identify Nginx-ui version and check if it's vulnerable to CVE-2024-22198
Readme
# CVE-2024-22198 - authenticated remote code execution in Nginx-ui

## Description

This tool made for remote checking your Nginx-ui version and notify if it's vulnerable to CVE-2024-22198.

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

## Example

```
➜  python3 nginxui_checker.py http://172.17.0.4
[!] Nginx-ui version: 2.0.0-beta.8 Vulnerable: True
```

## Exploit

N/A

## References
 - https://nvd.nist.gov/vuln/detail/CVE-2024-22198
File Snapshot

 [4.0K]  /data/pocs/5c41d5ee7e33fbf184756aad8b515e062c7450d2
├── [1.5K]  nginxui_checker.py
└── [ 994]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →