2 matches found
Nagios XI Manage.php Directory Traversal (CVE-2021-3277)
A directory traversal vulnerability exists in Nagios XI. The vulnerability is due to insufficient validation of the request parameters in manage.php of the Custom-includes module...
CVE-2021-3277
Nagios XI 5.7.5 and earlier are vulnerable via the custom-includes module. The issue is a flaw in rename functionality validation, allowing authenticated admins to upload arbitrary files (notably PHP) and achieve remote code execution. This is evidenced by multiple sources describing an arbitrary...