CVE-2024-49368


nginxui/nginx_ui < 2.0.0-beta.36 - OS Command Injection via Logrotate Configuration


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-49368. PoCs published by Aashay221999.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-49368, targeting Nginx UI v2.0.0-beta.35. The exploit leverages command injection via the logrotate configuration to achieve remote code execution (RCE).

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.

Exploits (1)

nomisec WORKING POC
by Aashay221999 · poc
https://github.com/Aashay221999/CVE-2024-49368

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Nginx UI v2.0.0-beta.35
Auth required
Prerequisites: Docker and Docker Compose installed · Nginx UI running with vulnerable version · Valid user credentials for authentication
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.8
EPSS 0.2349
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

Community Lab
docker pull uozi/nginx-ui:v2.0.0-beta.35
docker pull uozi/nginx-ui:v2.0.0-beta.36

Details

CWE
CWE-20
Status published
Products (2)
nginxui/nginx_ui 2.0.0 beta1 (48 CPE variants)
nginxui/nginx_ui < 1.9.9-4
Published Oct 21, 2024
Tracked Since Feb 18, 2026