EIP-2026-104358
PRE-CVE
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-104358. PoCs published by Neal Poole.
AI-analyzed exploit summary
This exploit describes a null byte injection vulnerability in older versions of nginx (0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37) that allows arbitrary code execution by appending %00.php to a URI, bypassing FastCGI module restrictions. The proof of concept demonstrates how null bytes can be injected into URIs to exploit the vulnerability.
Description
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection