1. Summary

Vulnerability Name

nginxWebUI runCmd Remote Command Execution Vulnerability

Release Date

June 29, 2023

Component Name

nginxWebUI runCmd

Affected Versions

nginxWebUI ≤ 3.5.0

Vulnerability Type

Remote Command Execution Vulnerability

2. About the Vulnerability

2.1 Introduction

nginxWebUI is a configuration management tool for nginx, a web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. It lets users configure various nginx features through a graphical web interface, including HTTP forwarding, TCP forwarding, reverse proxy, load balancing, static HTML server, and automatic SSL certificate management. It then generates an nginx configuration file (nginx.conf) that replaces the default configuration file to apply the desired configuration.

2.2 Summary

On June 29, 2023, Sangfor FarSight Labs received a notice about a remote command execution vulnerability in nginxWebUI, classified as critical.

The vulnerability affects nginxWebUI’s runCmd feature and is caused by incomplete validation of user input. Attackers can exploit the vulnerability by crafting malicious data to execute arbitrary commands on a vulnerable server without authorization.
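
To look for past requests to the runCmd feature described above, the following added example (not code from Sangfor or the nginxWebUI project) triages web access logs. It assumes nginx combined-format logs from a proxy in front of nginxWebUI; the advisory gives no endpoint path or parameter names, so the `/PLACEHOLDER/` path and `arg` parameter in the constructed sample lines are hypothetical, and matching relies only on the substring `runCmd`.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (documentation IP ranges, placeholder path and parameter).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jun/2023:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [29/Jun/2023:10:01:15 +0000] "GET /PLACEHOLDER/runCmd?arg=nginx%20-t HTTP/1.1" 200 88 "-" "curl/8.0"',
    '198.51.100.9 - - [29/Jun/2023:10:02:40 +0000] "POST /PLACEHOLDER/%72unCmd?arg=one%3Btwo HTTP/1.1" 200 97 "-" "-"',
]

# Combined log format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Characters and sequences that chain or substitute shell commands.
SHELL_META = re.compile(r'[;&|`\n]|\$\(')

def triage(lines):
    """Return one finding per logged request whose path mentions runCmd."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        # Percent-decode the path so an encoded spelling of runCmd still matches.
        if "runcmd" not in unquote(url.path).lower():
            continue
        # parse_qsl percent-decodes values, so encoded metacharacters are visible.
        params = parse_qsl(url.query, keep_blank_values=True)
        suspicious = [k for k, v in params if SHELL_META.search(v)]
        findings.append({
            "ip": m["ip"], "time": m["time"], "method": m["method"],
            "status": int(m["status"]), "params": suspicious,
            "severity": "high" if suspicious else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Access logs do not record request bodies, so a `review` finding still needs a look when the client is not an expected administrator address.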

3. Affected Versions

nginxWebUI ≤ 3.5.0

4. Solutions

4.1 Remediation Solutions

4.1.1 Official Solution

Affected users can update to the latest version to fix the vulnerability. Link: https://www.nginxwebui.cn/

4.2 Sangfor Solution

4.2.1 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the nginxWebUI runCmd remote command execution vulnerability:

4.2.2 Security Protection

The following Sangfor products and services provide protection against the nginxWebUI runCmd remote command execution vulnerability:

5. Timeline

On June 29, 2023, Sangfor FarSight Labs received a notice about the nginxWebUI runCmd remote command execution vulnerability.

On June 29, 2023, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://zone.huoxian.cn/d/1210-nginx
