ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345
GitHub
Releases0
RFI to RCE Nagios/NagiosXI exploitation
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 7.2 HIGH | 9 HIGH | ||
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | |||