CVE-2021-40345
Authenticated RFI to RCE exploitation of Nagios/NagiosXI
Step 1: Go to the "dashlets" management page and download one of them (I'm using "rss_dashlet" for the example):
http://TARGET_IP/nagiosxi/admin/dashlets.php?download=rss_dashlet
Step 2: Modify the *.inc.php file (I'm going to use a tiny PHP reverse shell one-liner on line 34 for the example):
Step 3: Start your listener and upload the malicious dashlet on the dashlets management page:
And voilà, you've got the shell!
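From the defender's side, the download-then-re-upload sequence above leaves a recognisable trace in the web server's access log. The following Python example is added here and is not part of the original write-up: it scans combined-format access-log lines for a client that downloads a dashlet via dashlets.php?download= and then POSTs back to the dashlet management page shortly afterwards. The combined log format and the assumption that the upload is a POST to the same dashlets.php URL are assumptions; the sample log lines are constructed.

```python
import re
from datetime import datetime

# Apache/nginx "combined" access-log layout (assumption about the log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
DASHLET_PATH = "/nagiosxi/admin/dashlets.php"

# Constructed sample: one client downloads rss_dashlet and POSTs back 146 s later;
# another client only views the page and is not flagged.
SAMPLE_LOG = [
    '10.0.0.5 - admin [10/Oct/2021:13:55:36 +0000] "GET /nagiosxi/admin/dashlets.php?download=rss_dashlet HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.9 - bob [10/Oct/2021:13:57:10 +0000] "GET /nagiosxi/admin/dashlets.php HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [10/Oct/2021:13:58:02 +0000] "POST /nagiosxi/admin/dashlets.php HTTP/1.1" 302 0 "http://nagios/nagiosxi/admin/dashlets.php" "Mozilla/5.0"',
    '10.0.0.9 - bob [10/Oct/2021:13:59:00 +0000] "POST /nagiosxi/admin/dashlets.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Return (ip, datetime, method, path, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_dashlet_download_then_upload(lines, window_seconds=900):
    """Flag clients that download a dashlet archive and then POST to the dashlet
    management page within window_seconds (the modify-and-re-upload pattern of
    CVE-2021-40345). Returns a list of (ip, dashlet_name, seconds_between)."""
    last_download = {}  # ip -> (download time, dashlet name)
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        url, _, query = path.partition("?")
        if url != DASHLET_PATH:
            continue
        if method == "GET" and "download=" in query:
            params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
            last_download[ip] = (ts, params.get("download", ""))
        elif method == "POST" and ip in last_download:
            dl_ts, name = last_download[ip]
            delta = (ts - dl_ts).total_seconds()
            if 0 <= delta <= window_seconds:
                findings.append((ip, name, int(delta)))
    return findings
```

A POST to the management page without a preceding download (the second client above) is not flagged, so tune the window to your environment and pair this with file-integrity monitoring of the dashlet directory.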