CVE-2024-3739

Source
https://cve.org/CVERecord?id=CVE-2024-3739
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3739.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-3739
Published
2024-04-13T19:15:53.757Z
Modified
2026-04-12T08:40:51.295648Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

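A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. It affects unknown code of the file /adminPage/main/upload. Manipulation of the argument "file" leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. Note that the affected-range data in this record gives 4.2.4 as the fixed version and lists releases through 4.2.2 as affected, so the "up to 3.9.9" bound in this description should not be read as the upgrade target; check deployed versions against the affected ranges below.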

References

Affected packages

Git / github.com/cym1102/nginxWebUI

Affected ranges

Type
GIT
Repo
https://github.com/cym1102/nginxWebUI
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.4"
        }
    ]
}

Affected versions

3.*
3.4.6
3.4.7
3.4.8
3.7.1
3.7.9
3.8.5
3.8.6
3.8.7
3.8.8
3.8.9
3.9.0
3.9.3
3.9.6
3.9.7
4.*
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.8
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3739.json"
vanir_signatures_modified
"2026-04-12T08:40:51Z"
vanir_signatures
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1116.0,
            "function_hash": "49897244421777873634003097116603658917"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-1cde442f",
        "signature_type": "Function",
        "target": {
            "function": "isAvailableCmd",
            "file": "src/main/java/com/cym/controller/adminPage/ConfController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "67755800579929002340232257817755291992",
                "196616591386433573803933084442893714599",
                "191927142660423373444579055769233207256",
                "219994681005878008701367471444132265902",
                "61918460595045540169029454743466573867",
                "114784209546599928180727478642806129973",
                "142770498407168204051886473685632505884",
                "11682867909429525362418816241129500231",
                "214325679564580627684367240595297830631",
                "141715636002604562419385477548231319893",
                "321102810319959576253146323202792383723",
                "84698717498011168292324435327566559643",
                "293627414063901801943152387172074596658",
                "294670387930032161966031631186650471396",
                "317610866041322343818705059936482324336",
                "293147201570789349497753744431133059684",
                "292874009699787266608270557418997756192",
                "101347813000581176296946888300882064446",
                "329442297202359594576973949682027225595",
                "207924346024817696715987253374966870970",
                "306261487524718257844194713540630407080"
            ]
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-2848ba1d",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/cym/controller/adminPage/WwwController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 513.0,
            "function_hash": "239803979691984115683522952978675427665"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-3b31f93d",
        "signature_type": "Function",
        "target": {
            "function": "test",
            "file": "src/test/java/com/cym/TestUtils.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1169.0,
            "function_hash": "197478435534090666392307847606304855798"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-44c3063c",
        "signature_type": "Function",
        "target": {
            "function": "runCmd",
            "file": "src/main/java/com/cym/controller/adminPage/ConfController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "151620325199346896901083571005931033556",
                "88891455815361392825485503676964136081",
                "297060861066225806007527378619033379263",
                "79687014044746243531327677851459480900",
                "96076014252909215860652224579786831537",
                "241198300202770762327859491488063049963",
                "286355685868846254371838363417190015232",
                "49870901457530678190832326612889449110",
                "33140819939701920886444208428625945660",
                "268449297370341590987659644451118989615",
                "163228843304902328395192382699667917769",
                "138846528866575940576674276872321418958",
                "237335252916113966318366483973971685699",
                "161064597717574426610811217048969215710",
                "166827146934994823740868056000442687152",
                "87479834925201663896791450035689663513",
                "330240026136020868593980851792697526520",
                "10203032569479519278626410484388100638",
                "65622477945351017122526297008056806197",
                "135768188003044261676543112477157807185",
                "74724623108115609131503202661672338957",
                "183629624383360822928245343100931225598",
                "58057783776366899742950422509142618506",
                "4946966234836863216364872143276852700",
                "51746269791313992810205928229543823624",
                "132971711851013273732583678463607166455",
                "159563889660478867709018960241728977711",
                "78580350839839441495737660174797704308",
                "65269019684246585264863377762741386798",
                "33501340258939880544324978379430392957"
            ]
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-4e75e141",
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/cym/TestUtils.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "59635783959213121776093107767496174875",
                "103667823273552353210801858182872328950",
                "293126061567137828463349972212065424577",
                "110140576020314289801999797200245225628",
                "26616353138599015989934564500878347578",
                "285817258640456131566236554797702797472",
                "102104979872402127540826371506942856668",
                "65685768719505046513662659201079823613",
                "188783518147730913597683689273198473243",
                "86883710568954439286480912684308283563",
                "164931828944475813210176221067146084365",
                "330513861065011818321118321245574361823",
                "194292594220690865628546780559741637918",
                "331520926987438473026108477722673114821",
                "48170480405967174712258311018721023203",
                "322339874344113404028344525778115963110",
                "75971821140936534276118827088746520090",
                "307992174174662048311359616934191841990",
                "182992868940120584872362909994573510564",
                "157073774495166411510259682407441418560",
                "257182800562944598119147195057305401116",
                "22159412253493585437383489526011218255",
                "194721244936178366141806753621147840480",
                "305666254399957047982434998164931471823",
                "318575589565960763808320397238921080040",
                "309238335520966070531124020147390677431",
                "323391119501727700245557929801784994308",
                "213204314391428223504241819726055377794",
                "7757898747314737925313669532603071771",
                "298315858426290636217100017966488204468",
                "240912406880567132901496820379180710921",
                "236062323528779651233668128702563950664",
                "33501560762012979668705747606587588350",
                "320676009359539242078776357145266145207",
                "199615715928095522958052561233422298939",
                "201179750259384802464170974678910539475",
                "165817902805072517858921024241782910415",
                "129499042915847146817486276991596172054",
                "323002783584449908664169657357845778747",
                "261051354556200340538146253399625174113",
                "169770469579968241933081592903550925735",
                "264092664229778474663802888889691638988",
                "30859723867980695318957329957250382487",
                "162931254035723091557063642730021944039",
                "27068357738632376128429361191344448833",
                "223959113879020620635744152474423562702",
                "177824564714090319862749623603448104941",
                "252663560806684838923682493160907947234",
                "27816278746048092453602561712354035533",
                "119979699323048703568289784521032916468",
                "227404930788667725831221334856347063148",
                "300718702234106722708849926937837546691",
                "205658639704082995460082956878798635695",
                "49833288988170181383187373570867140590",
                "226587021814785622689645486455619168258",
                "130819282841032652761361104331020126210",
                "57828279416330534970176986077608707229",
                "272690414653689315459513881642225871926",
                "647202582705556610895864991787439441",
                "119258988697698457769296765622298402469",
                "152490047751476459365819632180302600472",
                "320404653808668836913013229462789393486",
                "115479549042979422232064350448721916806"
            ]
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-5f2e2cbe",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/cym/controller/adminPage/ConfController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1399.0,
            "function_hash": "262228518881109905987186936016048569805"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-9497f787",
        "signature_type": "Function",
        "target": {
            "function": "reload",
            "file": "src/main/java/com/cym/controller/adminPage/ConfController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1963.0,
            "function_hash": "211654982197064097236206354020454123838"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-a00170b8",
        "signature_type": "Function",
        "target": {
            "function": "buildDenyAllow",
            "file": "src/main/java/com/cym/service/ConfService.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "69932146969355409186479477948615508338",
                "194969388582320489881011375416286594975",
                "98385126379448139050647337559282715254",
                "202099068221953810615281774872441604343",
                "176321903744346206795151053599925819625",
                "258671489758811523499947934579864923782",
                "282069701913182172115612924096313811961",
                "215307764977754851870385806941765305137"
            ]
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-a0a8cc8c",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/cym/service/ConfService.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 520.0,
            "function_hash": "1755130129489643756908453761755463515"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-a7d36fb1",
        "signature_type": "Function",
        "target": {
            "function": "saveCmd",
            "file": "src/main/java/com/cym/controller/adminPage/ConfController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 122.0,
            "function_hash": "308385477968951436862573847556027552321"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-c8e2990c",
        "signature_type": "Function",
        "target": {
            "function": "main",
            "file": "src/test/java/com/cym/TestUtils.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 581.0,
            "function_hash": "109190984288498229146475122336706847193"
        },
        "source": "https://github.com/cym1102/nginxWebUI/commit/ab4c4402df97c15000ae9562ea1a28f1f1ccf447",
        "id": "CVE-2024-3739-caac5577",
        "signature_type": "Function",
        "target": {
            "function": "addOver",
            "file": "src/main/java/com/cym/controller/adminPage/WwwController.java"
        }
    }
]