| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
| Nagios XI - Authenticated Remote Command Execution Exploit | 10 Mar 202000:00 | – | zdt | |
| Nagios XI getprofile.sh Remote Command Execution Exploit | 14 Apr 202100:00 | – | zdt | |
| Exploit for OS Command Injection in Nagios Nagios_Xi | 26 Nov 202514:55 | – | githubexploit | |
| Exploit for OS Command Injection in Nagios Nagios_Xi | 17 Mar 202621:24 | – | githubexploit | |
| Exploit for OS Command Injection in Nagios Nagios_Xi | 21 Aug 201908:41 | – | githubexploit | |
| CVE-2019-15949 | 5 Sep 201900:00 | – | attackerkb | |
| The vulnerability of the getprofile.sh script, a monitoring tool for Nagios XI, allows a perpetrator to execute arbitrary commands. | 1 Dec 202100:00 | – | bdu_fstec | |
| CVE-2019-15949 | 10 Mar 202000:00 | – | circl | |
| Nagios XI Remote Code Execution Vulnerability | 3 Nov 202100:00 | – | cisa_kev | |
| Nagios XI Command Injection Vulnerability | 11 Sep 201900:00 | – | cnvd |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| upload | request body | /admin/monitoringplugins.php | Upload of a malicious check_ping plugin used to achieve code execution with elevated privileges. | CWE-78 |
| nsp | request body | /admin/monitoringplugins.php | Upload of a malicious check_ping plugin used to achieve code execution with elevated privileges. | CWE-78 |
| MAX_FILE_SIZE | request body | /admin/monitoringplugins.php | Upload of a malicious check_ping plugin used to achieve code execution with elevated privileges. | CWE-78 |
| uploadedfile | request body | /admin/monitoringplugins.php | Upload of a malicious check_ping plugin used to achieve code execution with elevated privileges. | CWE-78 |
| cmd | query param | /includes/components/profile/profile.php | Download system profile which executes commands as root via the uploaded plugin. | CWE-78 |
| delete | query param | /admin/monitoringplugins.php | Cleanup step to delete the malicious plugin after exploitation. | CWE-78 |
| nsp | query param | /admin/monitoringplugins.php | Cleanup step to delete the malicious plugin after exploitation. | CWE-78 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation