Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.8 views

CVE-2020-5791

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user...

9CVSS7.2AI score0.78632EPSS
Exploits7References1
Rapid7 Blog
Rapid7 Blog
added 2021/04/23 5:57 p.m.78 views

Metasploit Wrap-Up

Nagios modules Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...

9CVSS0.1AI score0.93201EPSS
Exploits20
0day.today
0day.today
added 2021/04/19 12:0 a.m.74 views

Nagios XI 5.7.3 Remote Code Execution Exploit

This Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user. This module...

7.2CVSS7.9AI score0.78632EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/04/19 12:0 a.m.536 views

Nagios XI 5.7.3 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...

9CVSS7.2AI score0.78632EPSS
Exploits7
Metasploit
Metasploit
added 2021/04/17 5:41 p.m.110 views

Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection

This module exploits CVE-2020-5791, an OS command injection vulnerability in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user on NagiosXI version 5.6.0 to 5.7.3 inclusive exact user depends on t...

9CVSS7.6AI score0.78632EPSS
Exploits7
Circl
Circl
added 2021/03/26 11:19 p.m.9 views

CVE-2020-5791

creationtimestamp| type| source ---|---|--- 2021-03-26 23:19:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nagiosxiscanner.rb 2021-04-16 19:46:06+00:00| seen|...

9CVSS6.7AI score0.78632EPSS
Exploits7References2
Check Point Advisories
Check Point Advisories
added 2020/11/29 12:0 a.m.22 views

Nagios XI Command Injection (CVE-2020-5791)

A command injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.7AI score0.78632EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2020/11/28 12:0 a.m.4 views

Nagios XI mibs.php Command Injection (CVE-2020-5791)

A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the mibs.php...

9CVSS4.5AI score0.78632EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/10/28 12:0 a.m.394 views

Nagios XI 5.7.3 Remote Command Injection

Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...

9CVSS0.78632EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/10/28 12:0 a.m.596 views

Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)

Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...

9CVSS7AI score0.78632EPSS
Exploits7
NVD
NVD
added 2020/10/20 10:15 p.m.18 views

CVE-2020-5791

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user...

9CVSS0.78632EPSS
Exploits7References3
CVE
CVE
added 2020/10/20 9:22 p.m.164 views

CVE-2020-5791

Nagios XI 5.7.3 contains a CVE-2020-5791 OS command injection in the admin/mibs.php path. An authenticated admin user can exploit improper neutralization of input to execute OS commands with the privileges of the apache (or equivalent webserver) user, enabling remote code execution. Affected prod...

9CVSS7AI score0.78632EPSS
Exploits7References3Affected Software1
Rows per page
Query Builder