Lucene search
K

5 matches found

Nuclei
Nuclei
added yesterday41 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

9CVSS7.5AI score0.71737EPSS
Exploits7References5
Metasploit
Metasploit
added 2023/02/08 7:51 p.m.558 views

Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection

This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...

9CVSS8.3AI score0.71737EPSS
Exploits8
0day.today
0day.today
added 2021/02/26 12:0 a.m.99 views

Nagios XI 5.7.5 Remote Code Execution Exploit

nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...

9CVSS0.96861EPSS
Exploits10
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.354 views

Nagios XI 5.7.5 Remote Code Execution

nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...

9CVSS0.1AI score0.96861EPSS
Exploits10
ATTACKERKB
ATTACKERKB
added 2021/02/15 12:0 a.m.71 views

CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...

9CVSS2.8AI score0.71737EPSS
In wildExploits7References7
Rows per page
Query Builder