Nginx Null Byte Code Execution

Impact: High


Allowing null byte character (ASCII 0x00) in the URL can lead to a severe security risk. If the user can manipulate file contents on the server, this vulnerability may result in arbitrary PHP code execution, enabling attackers to take control of the server and execute unauthorized commands.


Upgrade Nginx to a version that properly sanitizes input and disallows null byte characters in URLs.


Last updated on May 13, 2024

This issue is available in SmartScanner Professional

See Pricing