2 matches found
Nagios XI Cmdsubsys Command Injection (CVE-2018-15709; CVE-2018-15710)
An command injection vulnerability has been reported in the Command subsystem component of Nagios XI. The vulnerability is due to insufficient validation of command options submitted to ajaxhelper.php for the submitcommand action and the existence of a local privilege escalation vulnerability tha...
CVE-2018-15709
CVE-2018-15709 affects Nagios XI 5.5.6, allowing remote authenticated attackers to execute arbitrary commands via crafted HTTP requests. Technical details across connected advisories indicate a command-injection issue in the Nagios XI Cmdsubsys/ajaxhelper.php submitcommand path, driven by insuffi...