12 matches found
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user...
Metasploit Wrap-Up
Nagios modules Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...
Nagios XI 5.7.3 Remote Code Execution Exploit
This Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user. This module...
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
This module exploits CVE-2020-5791, an OS command injection vulnerability in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user on NagiosXI version 5.6.0 to 5.7.3 inclusive exact user depends on t...
CVE-2020-5791
creationtimestamp| type| source ---|---|--- 2021-03-26 23:19:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nagiosxiscanner.rb 2021-04-16 19:46:06+00:00| seen|...
Nagios XI Command Injection (CVE-2020-5791)
A command injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Nagios XI mibs.php Command Injection (CVE-2020-5791)
A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the mibs.php...
Nagios XI 5.7.3 Remote Command Injection
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user...
CVE-2020-5791
Nagios XI 5.7.3 contains a CVE-2020-5791 OS command injection in the admin/mibs.php path. An authenticated admin user can exploit improper neutralization of input to execute OS commands with the privileges of the apache (or equivalent webserver) user, enabling remote code execution. Affected prod...