CVE-2024-3736

Source
https://cve.org/CVERecord?id=CVE-2024-3736
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3736.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-3736
Published
2024-04-13T14:00:06.364Z
Modified
2026-07-15T01:49:17.145583217Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
cym1102 nginxWebUI upload unrestricted upload
Details

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-434"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "3.9.1"
                },
                {
                    "last_affected": "3.9.1"
                },
                {
                    "introduced": "3.9.2"
                },
                {
                    "last_affected": "3.9.2"
                },
                {
                    "introduced": "3.9.4"
                },
                {
                    "last_affected": "3.9.4"
                },
                {
                    "introduced": "3.9.5"
                },
                {
                    "last_affected": "3.9.5"
                },
                {
                    "introduced": "3.9.8"
                },
                {
                    "last_affected": "3.9.8"
                },
                {
                    "introduced": "3.9.9"
                },
                {
                    "last_affected": "3.9.9"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/3xxx/CVE-2024-3736.json"
}
References

Affected packages

Git / github.com/cym1102/nginxwebui

Affected ranges

Type
GIT
Repo
https://github.com/cym1102/nginxwebui
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:cym1102:nginxwebui:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.0"
        },
        {
            "introduced": "3.9.3"
        },
        {
            "last_affected": "3.9.3"
        },
        {
            "introduced": "3.9.6"
        },
        {
            "last_affected": "3.9.6"
        },
        {
            "introduced": "3.9.7"
        },
        {
            "last_affected": "3.9.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.4"
        }
    ]
}

Affected versions

3.*
3.8.7
3.8.8
3.8.9
3.9.0
3.9.3
3.9.6
3.9.7
4.*
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.8
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3736.json"