Affected by GO-2024-2480
and 12 other vulnerabilities
GO-2024-2480 : Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI
GO-2024-2481 : Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI
GO-2026-4614 : Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI
GO-2026-4902 : nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI
GO-2026-4903 : nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI
GO-2026-4904 : nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI
GO-2026-4906 : nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse in github.com/0xJacky/Nginx-UI
GO-2026-4907 : Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation in github.com/0xJacky/Nginx-UI
GO-2026-5210 : Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket endpoints in github.com/0xJacky/Nginx-UI
GO-2026-5227 : Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback in github.com/0xJacky/Nginx-UI
GO-2026-5412 : Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim in github.com/0xJacky/Nginx-UI
GO-2026-5719 : Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services in github.com/0xJacky/Nginx-UI
GO-2026-5733 : Nginx-UI: Disabled users retain full API access through previously issued bearer tokens in github.com/0xJacky/Nginx-UI
Discover Packages
github.com/0xJacky/Nginx-UI
server
model
package
Version:
v1.3.3-rc1
Opens a new window with list of versions in this module.
Published: Jul 5, 2022
License: AGPL-3.0
Opens a new window with license information.
Imports: 12
Opens a new window with list of imports.
Imported by: 4
Opens a new window with list of known importers.
Documentation
Documentation
¶
func AutoMigrate(model interface{})
func CreateBackup(path string )
type AuthToken struct {
Token string `json:"token"`
}
type Cert struct {
Model
Domain string `json:"domain"`
}
func GetAutoCertList() (c []Cert )
type ConfigBackup struct {
Model
Name string `json:"name"`
FilePath string `json:"file_path"`
Content string `json:"content" gorm:"type:text"`
}
type ConfigBackupListItem struct {
Model
Name string `json:"name"`
FilePath string `json:"file_path"`
}
type Curd struct {
Model interface{}
}
func NewCurd(Model interface{}) *Curd
func (c *Curd ) Add(value interface{}) (err error )
func (c *Curd ) Delete(value interface{}, conds ...interface{}) (err error )
func (c *Curd ) Edit(orig interface{}, new interface{}) (err error )
func (c *Curd ) First(dest interface{}, conds ...interface{}) (err error )
func (c *Curd ) GetList(dest interface{}) (err error )
type Log struct {
Model
Title string `json:"title"`
Content string `json:"content"`
}
type Model struct {
ID uint `gorm:"primary_key" json:"id"`
CreatedAt time .Time `json:"created_at"`
UpdatedAt time .Time `json:"updated_at"`
DeletedAt *time .Time `gorm:"index" json:"deleted_at"`
}
Source Files
¶
Click to show internal directories.
Click to hide internal directories.