Описание
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-13723
- https://checkmk.com/werks?version=2.3.0p10
- https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt
- https://lists.debian.org/debian-lts-announce/2025/05/msg00000.html
- https://www.nagvis.org/downloads/changelog/1.9.42
- http://seclists.org/fulldisclosure/2025/Feb/4
- http://www.openwall.com/lists/oss-security/2025/02/04/4
Связанные уязвимости
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
The "NagVis" component within Checkmk is vulnerable to remote code exe ...