CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVE-2025-34115 OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVE-2025-34115

OP5 Monitor

Nagios XI < 5.11.3 Multiple Vulnerabilities

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - A SQL injection vulnerability in the bulk modification tool allowing an unauthenticated remote attacker to run arbitrary code in the context of the database...

CVE-2023-48085

Nagios XI before version 5.11.3 was discovered to contain a remote code execution RCE vulnerability via the component commandtest.php...

CVE-2023-48085

Nagios XI before version 5.11.3 was discovered to contain a remote code execution RCE vulnerability via the component commandtest.php...

Remote code execution

Nagios XI before version 5.11.3 was discovered to contain a remote code execution RCE vulnerability via the component commandtest.php...

CVE-2023-48085

Nagios XI prior to 5.11.3 contains a Remote Code Execution (RCE) vulnerability in the command_test.php component (Core Config Manager). Root cause referenced as insufficient neutralization/validation in command_test.php, enabling arbitrary code execution. Affected versions: Nagios XI

CVE-2023-48085

Nagios XI before version 5.11.3 was discovered to contain a remote code execution RCE vulnerability via the component commandtest.php...

NagiosXI 5.6.11 address Remote Code Execution

Title: Postauth RCE in NagiosXI 5.6.11 param: address Date: 13.03.2020 Vendor: https://www.nagios.com/ Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/ Repo: https://github.com/c610/free/ GET...

op5 Monitor command_test.php Command Injection

A cross-site request forgery vulnerability leading to command injection has been reported in the commandtest.php script of op5 Monitor. The vulnerability is due to a lack of any cross-site request forgery prevention mechanism. A remote attacker could exploit this vulnerability by enticing an...