CNNVD-202602-1220 Information

CNNVD ID

CNNVD-202602-1220

Related CVE

CVE-2026-2145

• CNNVD Published: 2026-02-08

Description (Chinese)

nginxWebUI是cym1102个人开发者的一款nginx网页配置工具。 nginxWebUI 4.3.7及之前版本存在代码注入漏洞，该漏洞源于对文件/adminPage/conf/check中参数nginxDir的错误操作，可能导致跨站脚本攻击。

Description (English)

nginxWebUI is a nginx web-based configuration tool for cym 1102 individual developers. nginxWebUI 4.3.7 and previous versions have a code-injecting loophole, which stems from the wrong operation of the nginxDir parameter in file/adminPage/conf/check, which may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2026-02-08

Last Modified

2026-02-24

References

https://github.com/cym1102/nginxWebUI/ https://vuldb.com/?id.344847 https://github.com/cym1102/nginxWebUI/issues/203 https://vuldb.com/?submit.747404 https://github.com/cym1102/nginxWebUI/issues/203#issue-3860109934 https://vuldb.com/?ctiid.344847 https://access.redhat.com/security/cve/cve-2026-2145