3 matches found
Nagios XI autodiscovery_component Command Injection (CVE-2020-28648)
A command injection vulnerability exists in Nagios XI. The vulnerability is due to insufficient input validation of the requests submitted to the Auto-Discovery endpoint...
CVE-2020-28648
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code...
CVE-2020-28648
CVE-2020-28648 affects Nagios XI’s Auto-Discovery component prior to version 5.7.5. Root cause: improper input validation that allows an authenticated, low-privileged user to execute remote code via the Auto-Discovery endpoint (network access; no user interaction). CVSS base 8.8/High. Remediation...