Description
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
References
- Release Notes, Vendor Advisory
- Not Applicable
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:nagios:nagios_xi:5.8.5:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.6721
Medium
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-434
Related vulnerabilities
GitHub
more than 3 years ago
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
EPSS
Percentile: 99%
0.6721
Medium
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-434