Nagios XI version xi-5.7.5 is affected by OS command...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Mar 1, 2023
Description
Published by the National Vulnerability Database
Feb 15, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Mar 1, 2023
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
References