An issue found in NginxProxyManager v.2.9.19 allows an malicious user to execute arbitrary code via a lua script to the configuration file.
jc21 nginx proxy manager 2.9.19