Description
Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-10029
- https://packetstorm.news/files/id/118705
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
- https://www.exploit-db.com/exploits/23227
- https://www.nagios.com/products/nagios-xi
- https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection
Related vulnerabilities
Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.