Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
Max CVSS
9.8
EPSS Score
28.54%
Published
2023-12-14
Updated
2023-12-19
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-12-14
Updated
2023-12-19
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-09-07
Updated
2022-09-09
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
Max CVSS
9.0
EPSS Score
5.77%
Published
2021-10-26
Updated
2022-11-08
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitization in table_population.php.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-08-13
Updated
2021-08-24
Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation.
Max CVSS
9.8
EPSS Score
0.29%
Published
2021-08-13
Updated
2021-08-23
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
Max CVSS
9.8
EPSS Score
73.46%
Published
2021-08-13
Updated
2021-08-24
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
Max CVSS
9.8
EPSS Score
73.46%
Published
2021-08-13
Updated
2021-08-24
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-09-28
Updated
2021-10-04
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-09-28
Updated
2021-10-01
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-09-28
Updated
2021-10-04
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-09-28
Updated
2021-10-01
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
Max CVSS
9.8
EPSS Score
0.47%
Published
2021-04-08
Updated
2021-04-13

CVE-2021-25298

Known exploited
Public exploit
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Max CVSS
9.0
EPSS Score
97.29%
Published
2021-02-15
Updated
2023-03-01
CISA KEV Added
2022-01-18

CVE-2021-25297

Known exploited
Public exploit
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Max CVSS
9.0
EPSS Score
90.21%
Published
2021-02-15
Updated
2023-03-01
CISA KEV Added
2022-01-18

CVE-2021-25296

Known exploited
Public exploit
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Max CVSS
9.0
EPSS Score
90.21%
Published
2021-02-15
Updated
2023-03-01
CISA KEV Added
2022-01-18
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
Max CVSS
9.0
EPSS Score
0.11%
Published
2021-02-25
Updated
2021-03-02
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-01-26
Updated
2021-02-03

CVE-2020-35578

Public exploit
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
Max CVSS
9.0
EPSS Score
94.76%
Published
2021-01-13
Updated
2021-04-26
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Max CVSS
10.0
EPSS Score
12.55%
Published
2021-05-24
Updated
2022-07-12
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileged users are able to modify files that can be executed by sudo.
Max CVSS
9.0
EPSS Score
2.04%
Published
2021-05-24
Updated
2021-06-03
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
Max CVSS
9.8
EPSS Score
13.22%
Published
2021-05-24
Updated
2021-06-03
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
Max CVSS
10.0
EPSS Score
0.98%
Published
2021-05-24
Updated
2021-06-03
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
Max CVSS
9.0
EPSS Score
0.29%
Published
2021-05-24
Updated
2021-05-28
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
Max CVSS
9.8
EPSS Score
5.44%
Published
2021-05-24
Updated
2021-05-28
49 vulnerabilities found